gynopean Patent Office 
Office europesR des brevets 



llllllillllliililllilllliil 

EP 1 248 188 A1 



EUROPEAN PATENT APPLSCATiON 
pubiishsd in accordance with Art. 158(3) EPC 





f51) intci': G96F 9/06, G06F S,/445 


0^ 10 2002 Bifl1l$tjn 2002Mi 




- • , - 

^Sb) Into^rffationBi tippiscation nunnber: 


(21) App;iCr:l!on riLifnoiS^r 027103oo.o 


PCT/JP02/00S99 


(22) Date of filing; S0.01 .2002 


(87) International publication .lumber: 




WO 02/061 572 (08,08.2002 Gazette 2002/32) 


(34) DcsignaSed Contracting States: 


ITAQAKI, Takatoshi 


AT 8E CH CY DE DK £S B FR GB iB IT U LU 


Edogawa-ku, Tokyo 134-0084 (JP) 


Me NLPT SETR 


» SirtORtGUCHl, Alsushi 




Bunkyou-ku, Tokyo 113-0033 (JP) 


(30) Pnoriiy; 31.01.2001 JP 2001024738 




22.03.2001 JP 2001083567 


(74) Reprssenta-i'v'o- HOFFMANN EITLE 




Patent- und Rechtsanwalte 


(71) .Applicar^t; NTT DoCoMo. Inc. 


Arabellastrasse 4 


Tokyc 100-6150 (JP) 


81925 Msinchen (OE) 


(72) inventors' 




• MATSUNO, Takeshi 




Meguro-ku, Tokyo 153-0062 (JP) 





SYSTEM FOR DELIVER^^^G PROGRASyS TO STORAGE MODULE OF UOBILB TERMINAL 



(57) A UitVI 1 2 tif;viriG a piuraliti/ of .storage ar; 
buiit into or mounteci :n a mobile termlnril 11 A cor 
server 19. L-pon recapt cf a distribution request fro 
mobile terminal 11. distributes a program or data 



al ttie tiriia of program execution or the pr'ogram stselt 
througi"! a notv/ark Inciuding a radio network. Tills &ro- 
grarr. and the data or the program iJseil are stored ir: tMe 
storage area of the UliV! 12 and not through the conirol 
unit of !he mobil:e terminal 11. 
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TECH^i:iCAL FIELD 

[0Q01] The present :nventiori reiatestcatechniquefor 
dlslribjing a program (applicaiion or applet) to a stor- 
age rr:odule built or rnounted in a mobile terminal. 

BACKGFlOUhJD ART 

[0002] In recent y>:i?.rs. a mobiis temninal has been de- 
veioced which has a prograrr: execuiing envlronmen!. 
An example of a mobiis lerrninal oi Ihis type is one wlich 
has 5 Java virtual r-;achine. The user installs a program 
in tne mobite tsrmirisl and thus can Hdd a desired func- 
tion to the mobile tsrminaL 

[0003] However, tven if dssirasle functions are added 
to a mobile terminai. a user is liable lo become tired of 
using the same nobiie terminal ader a proLracled peri- 
o-:i. On the othet hana. the mobile terminal industty suf- 
fers fierce cotT:pfc*itiori snO various new products, attrac- 
tive to users, haveb-jen successively placed on t^e mar- 
ket. A i;ser may want io change his mobile lermiinai with 
a new dcsirabto product placed on the market Once the 
mobiis terminal is replaced, however, the iunctior^s that 
have hitherio been Bdded to the old mobile termina; can- 
not be used any longer. If the same functions are to be 
used oven after theo-sange of a mobile terminal, tiie pro- 
grams that have been installed in iheold mobile terminal 
hav-2 tc EDS instaised in the new mobile termlna!. This is 
a .troublesome job. 

DISCLOSURE OP THE IMVENTiON 

[0004| This Invention has been achieved in v(ew of the 
situation described above, and the object thereof '\s to 
provide a system ir^ vvhich even after a mobile terminal 
IS changed, the programs that could be used before the 
change of the mobiletemiinai; can bs continuously used 
after the change, 

[0005] In ord^5r to achieve this object, the present in- 
ventors have taKen notice of a certain type of a mobile 
terminal, thai is to e^v, a mobile terminal capable of be- 
ing mounted or having fitted therein a module tor stonng 
the subscriber information including the subscriber 
number and the m.ernory dial mfoimation {hereinafter re- 
ferred to as the user 10 module or UW). The user oi this 
type of the mobile terminai, whenever desirous of 
chan3i,'ig it with a ni=w mobile terminal, can use the new 
mobi;---: U;r;?i!fial in similar mannet simply by mounting or 
building into the ne\v mobile terminal the UilV! which he 
may have. In connection with this, the present inventors 
have corns up with the following idea SpecificaliV; once 
a program is storec; n this UIW. the program used with 
the old mobile tenrihal can be easily transferred to the 
nevj mobile ferminal to,- an improved operating conven- 
iencs of the user 

[0306] Neverthel'iss, the problem of security has 



beer! an obstacle to realizing such a novel mobile ter- 
minal, 

(00C7] f^irst. as long as no limit is set on the operation 
of writing a program in the UIM t^s inherent functions 
5 cl the mobile terminal may be undesirabiy destroyed in- 
tentionally or negligently. 

[0008] Also, the subscriber information stored in the 
UllVi may include the personal intormation cr data hav- 
ing monetary value. From the viewpoint of security, 
therefore, careful consideration is necessary not to 
cause the leaitage of this tnformaiion m writing a pro- 
gram m the DM. 

[OOCS] in order to sdve this security problem; and Im- 
prove the operating convenience for the user, according 

'5 to the present invention, there is provided a program dis- 
tribtjiion system comprising a mobiie terminal having 
means for transmitting a program distribution request, 
a storage module built in or conrectedto the mobile f.er- 
minai, a contents server for receiving the distribution re- 

20 quest and transmlltirsg a program to be distributed and 
a distribution management senyer for receiving tDe pro- 
gram from the contents server and; as long as the con- 
tents server is authorised, transmitting tne programi re- 
ceived from the contents server tc the storage mcdu;c 

2s built in or connected to the mobile temiinal, character- 
ised in that the storage module includes a storage unit, 
and a control unit for storing in the storage unit the pro- 
gram received from the distrioution management server 
through the mobile ienriinai and executing the program 

30 stored in the storage unit in response to a request. 
[0010) Also, according to the present invention, there 
is provided a program distribution system comprlsirig a 
mobile terminal having means for transmittirig a pro- 
gram distnbution request, a storage rnoduie bulll in or 

35 connected to the mobile tenrilnal, and a distribution 
management server for receiving the distribution re- 
quest: and in the case where the program to be distrib- 
uted is provided by the authorizeci contents server ac- 
quiring and transmitting the program to the storage mod- 

•ic ule buili in or connected to the mobile terminal, charac- 
teri;;ed in that the storage module includes & storage 
unit, and a controi unit for receiving the inforrns-ion 
through the mobile terminal: stonng the information m 
the storage unit only in the case where the intonnation 
Is the program received from the distribution manage- 
ment sea'er and executing the program stored in the 
storage unit in response to a requssl. 
[0011] With these systems, only a program supplied 
through the distribution management server from an au- 

so thonzed contents ser-ver is written in the storage module 
and therefore, the user can write a new program in the 
storage module with guaranteed security. 

BRIEF DESCRIPTION OF THE DRAVJINGS 

[0012] 

Fig 1 IS a block diagram showing a configuration of 
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a DiogrRm dis.ir:culion systesr: sccordincj to a first 
embodiment of ine invention. 
Fig. 2 shows Lni: external appeararicc o- a mobile 
ierrnma; accQ-a:^;g to the same embodimenT. 
F;:3. 3 is a block diagram showing a configuration of 5 
the saiT-e msbij* termirsal. 
Fig. 4 is; a diagrsrr; showing a coniiguraiiori of tfis 
same mobile t5>rminal and the DIM DUill m or con- 
nected 10 ii. 

Fig 5 is a s.eq;;£;nce diagram showing the process io 
from progrsfT; d;str;but:on to activation according lo 
the same embcidsment.. 

Fig. 6 i£. a seQu«nce diagram shewing the program 
distribution operation according to ths same sm- 
.bodiment. 

Fig 7 iS a disgram showing a display screen ot the 
mobiietermiF^a: at the time ot program, distribution. 
Fig 8 la a seqije-nce diagram showing the program 
activation operation according to the same otribod- 
iment, ^° 
Fig. 9 is a sequence diagram showing the process- 
es of the program deactivation in compliance with 
a request from t«e contents server according to the 
same embosimant. 

Fig, 1 0 is a eocusnce diagram showing -he process 
of the program celets operation in compliance with 
a reqijest from the contents server according lo the 

Same embodiment. 

Fig 11 is a seoL^'ence diagnam siicwing the; process 
of the program deactivate operation and the pro- so 
aram delete operation in compliance with a request 
fromfhe dismfcjtlon management sen/er according 
to the same embodiment. 
Fig. 1 2 is a sequence diagram of the uiM exchang- 
ing the version ^ntcnnsticn according to the same 35 
erabodsment. 

Fig 1 3 is a sequsnce diagram showing the process 
ending in a program distribution failure due to a 
memory si'sifrtaga. 

Fig. 1 4 is a sequence diagram showing the process -^f 
ending in a program: distribution failure due to a 
memory error. 

F;g. 1 5 is a oiagrsim showing a display screen pro- 
vided to tre user at the time of prcgnam deletion 
Fig. 1 5 is a a;.^gram showing a display screen pro- •'s 
vided to the us.e-- at the time of account settlement 
'or an electronic con-mercial transaction. 
Fig, 1 7 is a di.ig.am showing a display screen pro- 
vided to the user at the time of commodity purchase 
irnTiale order sale 

Fig, 1 8 IS a diagram showing a display scrser- for 
sotting the aLiiomatic program start. 
Figs. 19 and 20 ate diagrams showing a display 
screen at the lime of using a commutalion pass. 
Fig. 21 IS a b-oo'< diagram showing a configuration 55 
cf a program dis^ribuiion system according to a sec- 
ond em.bodimer^t of the invention. 
Fig, 22 is a ciiagram showing a conliguration of a 



memory in the UIM according to the same embod- 
iment. 

Fig. 23 IS a block diagram showing a configuration 
of a distribLition management server 1 6A according 
te the same embodimient. 
Fig. 24 is a sequence diagram showing tne process 
for registration in a user information storage unit. 
Figs. ?5 and 26 are sequence diagrams showing 
the operation of registering a programi registered in 
the user information storage unit, m any of the basic 
biocksoftheUlM 12. 

Figs, 27 and 23 are sequence diagrams showing 
the operation cf registering a program registered in 
the user information storage uni! , in any of the basic 
Diocks of the UifW, 

Fig, 29 is a sequence diagram showing the opera- 
tion of deleting a program registered in the user in- 
formation storage unit 5 1 . 

Fig, 30 is a sequence diagram showing ttie opera- 
tion of deleting a program registered in tiie basic 
blocks of the UIM. 

Fig 31 is a sequence diagram showing the deacti- 
vaiion process for the user information storage unit. 
Fig. 32 is a sequence diagram showing the deacti- 
vation process for the basic blocks, 

BEST MODE FOR CARRYING OUT THE INVEMTiON 

[0013] Now. preferred embodiments of the invention 
will be explained wsth reference to the drawings, 

[t] First eraboditrtent 

[1,1] General conflQuration of program distribution 
system 

[0014J Fig, 1 is 3 block diagram showing a configura- 
tion of 3 program distribution system according to a first 
embodiment of the invention, 

[00151 A program distribution system 10 roughly com- 
prises a mobile terminal 11 , a radio base station i3, a 
switching station 14, a network mobile communication 
service control umt 15, a dislriaution m,anagement serv- 
erl 6, a distriioution service control unit 1 7, an authenti- 
cation seiver 1 B. a contents server 1 9 and a public net- 
wori< 20, 

[0016j The mobile terminal 11 is an information 
processing unit, for example, having communication 
functions such as a portable telephone or a PHS i ?er- 
sonal Handyphcne System 'registered trade nanne)) 
Furti-rer, the mobile temiina! 11 has mounted or built 
therein a UiM (User Identificstion fiflodule) 12 capable 
of storing various pfograms cr data 
(0017] The radio base station 1 3 communicates with 
the mobile terminal 11 through a radio link, 
[001 S] The switching station 1 4 controls the switoning 
operation between ths mobile ternina! 11 and a cor-n- 
mon channel interoffice signal network 20 constituting a 
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■Atre rietwcfk. conn-sated to eacn other throiigh the radio 
base statxjri 13. 

£0019] The network rnor-fe comrnunication ser>/ice 
contrci un;t 15 controls the communication in the case 
■A'here s program is distributed io the mobile terminal 11 
through the public nstwork 20. 
[0020] The contents server 1 S distributes various con- 
tents on ths one hand and distributes a program as re- 
qiissiscifronn She mob^^e terminal 11 on the other, 
[0021] The distri&uiion management server 1 6 relays 
and rr^anages ths distribution of a program from the con- 
tents server 1 9 to -he UM 12. The distribution o' a pro- 
gram to the UIM 12 and access to a program stored in 
the UIM 12 are carried out always through the distribu- 
tion management servsr "6. This is the most significant 
teaiure of this embodimen;. 

[0022] The distribution service control unit 17 oper- 
ates like an inter'ac-; between ths distribution manage- 
ment st5rver 16 and tfic; public network 20 in the case 
where a progr.^m is distributed through the pubiic net- 
wor1<20. 

[0023] Ths authentication server 1 8 is a devics for is- 
suing a certificate required for program distnbution to 
the contenta server 19. This ceriificatc inciudes a UIM 
public key having ths function c-f explaining, for the ben- 
efit of the UIW 12, tnat the contents servsr 19 is duly 
authonzed to disl'ltJUte a program to the UIM 12, and a 
■iistrlbutior^ msnagc-mefit server public key having the 
function of certifyiRi^, for the benefit of the distribution 
management &er;e- 16. that the contents server 19 is 
similarly au5hcri?eCi. 

f0024] The content;. >cn/er 19. the distribution man- 
agement server 16 -.ind the authentication server 18 ac- 
cordingtothss embodiment have the follow:ng functions, 
rsspectiveiy. 

(a) According to this embodiment, the contents 
server 1 9 sends a program addressed to the U it-A 
12, to ths distribution managem.enl server 1 5, which 
in turn distributes the program to the UIM 12. Tho 
contents server 1 9 never distributes the program di- 
rectiy to the Ulfv^ 12. 

{b) The cortienJis server 19 distributes a program to 
the UIM 2 Icy e-c iv-..-. ■ r^iu-iij-v.;;-!-! of a public- 
key type Viftth the distriouiion management server 
16 as fr.--\ interrvwdiarv The UiW 12 of each user Is 
equipped with a PKI (public key infrastructure), and 
eacn UIM 12 h:;:s. a ij:?v! v.i ivate key unique to the 
particuiar UIM '2. For dl3tribuiir;g a program ad- 
dressed tc a given U!M 12 the contents server 19 
acquires a UiW public key paired with a UIM private 
key fortne parturuler UIM 12, whereby the program 
is encr/pted, 

(c) According to this invention, only an authorised 
contents serv&r 19 can disthbute a program ad- 
dressed to th& UW- 12 The authorized contents 
server ^9 is assigned a distribution managemient 
server public key. The contefifs server 1 9, upon re- 



ceipt o! a dislribijtron request from tne mobile 1sr- 
■Tiinai 11 , further encrypts, by the distribijtion rr-an- 
sgement server pubiic key. the programi aiready sn- 
cryptsd by the UIM putiiic key and addressed lo ihe 
5 UIM 12, and sends it to ths distribution manage- 
men • server 16, 

;1 .2] Cori figuration of mobile lerrninal 

10 [0025] Fig. 2 shows the external appearance of ths 
mobile terminal 11. The mobile terminal 11 inciudes s 
display section 21 and an operating section 22 
[0026] As shown in Fig. 2, various processing menu 
Items, the screen being browsed, the telephone number 

^5 screen, etc, are displayed on the display section 21 . 
[0027] The operatirig section 22 has a plurality of op- 
erating buttons for inputting various data and displaying 
menu item screens. One of the operating buttons of the 
operating unit 22 is a UiM button 23. The UIM buticn 23 
is operated by the user for uttli2:irig a program stored in 
the UIM 12. 

[002S] Fig. 3 is a biock diagram showing a configura- 
tion of a mobile lemiinal, 

[0029] The mobile temnina! 11 includes a display scc- 
tion 21 , an operating section 22, a control uni; 31 , a ator- 
-aga unit 32, an external equipment int-srface (i/F) unit 
33, a communication unit 34, a UIM interface (I/F) unit 
35 and an voice input/output unit 36. 
[0Q30] The control unit 31 oonfrnis the various p.arls 

30 of the mobile terminal 11 based on the control data .and 
the control program stored in the storage unit 32. 
[0031] The storage unit 32 is configured of a HC'-A. a 
f-^AiW, etc., and has a plurality of storage areas inciudifig 
a program storage area for storing various programs 

3? such as a browser for accessing an internet and a data 
storage area for storing various data, 
[0032] The external equipment I/F unit 33 is an inter- 
face uttti/ed by the control unit 31 and the UIM 12 for 
exchanging information with an external device. 

■JO [0033] The communication unit -34 transmits various 
data including audio and text messages to the radio 
base station 13 through the antenna 34A under the con- 
trol of the control unit 31 on the one hand, and receives 
vanous data sent to the mobile terminal 1 1 thr'ougi": the 

•*s antenna 34A on the other hand 

[0034] Ttie UIM I/F unit 35 inputs/outputs data from 
and lo the control unit 31 . The UiM 1/F unit 35 also out- 
puts ths output data from the communication unit 34 or 
the external equipment 1/F unit 33 to the UIM 12 wi;nout 

5D the Intermediation of the control unit 31 Also, the output 
data of the UIM 12 is output directiy to the external 
equipment I/F unit 33 or the communication ijnit 34 di- 
rectiy witiiout the Intemedjation of the control unrS 31 . 
The reason why the data are input/output from ar\d to 

?-'> the external equipment !./F 33 orthecomiv.unication unit 
34 without the intermediation of the control unit 31 is m 
order to prevent an illegal access to the data on the UIM 
1 2 by the alteration of the control program of the control 
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!.!n;T 31 snd ^hus so nr^aintain socu rit;/ 



1 .3] Confiy'jraticn 



[G0351 Fie;. shows a configuration of the UiM 12. in 
F;q. 4. a part o! ths con^ponent elements tne mobils 
tGrminsi 11 ars shown together with the compcnont el- 
enenis of the UiW 12 to clarify ttie relalion with the mo- 
biia terminsi 11, As shown in Fig 4. theUlM 12 includes 
ft memory 12M, wi-^ich in turn, roughly, hasa systfsm ar- 
ea 1 £A. anc an application area 1 2B. 
[00361 Vhe system area 12A has stored therein oer- 
scna! intormation daSa unique to each usersuch as sub- 
set iber nunss: d-.tf: o'jtcjOing call history Infosmaiion 
dPJa, incoming cai; hstoty information data, speech linne 
in;orrp,ation data and a LiiiVI pnvats key. Tlie mobile ter- 
minal 11 com.i-nunicates v^ith ether commiunication units 
using the subscriDsr number data in the system area 
12A as acaiiiny line identity. 

[00371 The ^.pp' i.3i.o' -irea 1 2B is foe storing the pro- 
gram distributed &r\S the data used at the lime of exe- 
cution of the program, and divided into a plurality of ba- 
sic blocks. In the case shown in Fig. 4. the appiicalion 
area 12B is divided i^to six basic blocks 40-1 -o 4C-6. 
tOOaS] The basic blocks 40-1 to 40--6 each include a 
program, area -11 and a data area 42. The program area 

41 of each aasic block 40-k has stored therein a program 
(an application or a:^ applet). The data area 42 of each 
basic block 40-k. on the otne^ har^d. has stored therein 
the data used a! the tirr.e ot executing the program in 
the program area 41 ot the same baste biock 40-k. 
[0039] The basic oiocks 40-1 to 40-6 are independent 
of each other, and are basically so managed that the 
application or the appiet stored in the progranr. ares 41 
cf a given basic block 40-j cannot access the data area 

42 of another basic biock 40-k j) By employing this 
configuration, tne security of each ptogram is main- 
ta ned. Even in the case where data having ft monetary 
value (what is called '^a value"} are recorded in the data 
area 42 of a given basic block 40-), therefore, the par- 
ticular data is neve: rewriaen. internionaily or incidental- 
ly, by a program stored in another basic biock 40-k j), 
[C040] The application or the applet constituting a pro- 
aram stored in she progtam area 4i ; on the other hand, 
cannot be distrscuisd or deleted without ! he intemiediary 
of the distribution management server 1 6. The data area 
42. however, can be operated directly through the dis- 
tribution managemsni server 16 or a local terminal as 
in the case where the electronic money is downloaded 
from an ATM. 

[0041] Further tne application area "£ has a storage 
area for an activst^or- Slag Indicating whether the pro- 
gram in the program area 41 of each of the basic blocks 
40-1 to 40-6 can be estecuted or not. 
[0042] The control unit 30 is a means tor writing a pro- 
gram forthe basic oiock of the application area 12B .set- 
ting or resettiriQ she activation flag con-esponding to 
each basic block cr executing a program in a designated 



Basic biock. in response to a request given through the 
mobile term.inal 11 . Upon arrival of a program encrvpt-2d 
by the UIM public key from the dtstribulion manafiement 
ser^^sr 1 6, theoontroi unit 30 decrypts the program using 
5 the UIM private key in the system area 1 2 and writes it 
in a basic block. Also, the control unit 30 can execute 
the program in the basic block. In the process, the infor- 
mation required by the program in execution is scqtiired 
from the other party of tne communication in the netwc^k 
<o or from the user of the mobile terminal 11 through the 
browser executed by the mobile temiinat 11 The contrcl 
unit 30 can aiso send the result of program execution to 
the other parly o) communication in the network or serd 
it to theuserofthe mobile terminal 11 through the brows- 
es cr. AlEO: the control unit 30 car exchange inlotmatlon 
with external devices through the hardware resources 
of the mobile terminal 11 without the intermediary of she 
browser in accordance with the program in the basic 
block. An ■sxample of a program available for this pur- 
20 post; IS an application progtam for causing tfie mobile 
tetmina! 11 to function as a commutation pass. In exe- 
cuting this program, the control unit 30 can CKchange 
the pass information with the card reader/writer at the 
gates of a railway station utilising a shott-range radso 
S5 unit fno; shown) connected to the OKternal equipment. 1/ 
F ot the mobile termmai 30 The program forthe con-rcl 
unit 30 to perform the various processes described 
above, including the execution and control ot the pro- 
gram in the applica- ion area is stored in the system, a.'-sa 



[1 .4] Operation of first embodiment 

r0043] New, the operation of the first embodimenS will 
35 be explained taking the distribution of the commutation 
pass applet as an example. 

r0044] Fig. 5 is a sequence diagram showing the proc- 
ess of program distribution, write operation and acliva- 

■fo [0045] As shown in Fig. 5, these series of processes 
are roughly configured of the step of distributing an in- 
active program (applet) as a memory moduie to the iJi Vi 
12 andwhting it in the UIM 12 {step SI), and an activa- 
tion step for activating the program written (step S2). 

(1 ,4 1 1 1ssue of certificate to distribution management 
server 

[0046] Fig. 6 is aseqsierxe diagrasm showing the proc- 
50 ess of distributing a program and writing it in Ihe UIM 
12 As shown m Fig. 6 the authentication server 13 is- 
sues .-i certiitcate to the contents server 19 permitted to 
distribute ihe program addressed to the UiM 12 (step 
S11). The certificate is issued to enable the ccn;-3nts 
55 setver 1 9 and the distributton management sen/er 1 S to 
perform the snciyption connmunication based on the 
public key encryption meihod. Specifically; in order to 
m.ake possible the encryption communicatiors ussng a 
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fiutiiit; key. a (j:str:bu;io-"! mRni)g>-;rnent sorvrjr privfiio key 
and a dsUib-jtior- rrsariagement i,s:ner puoiic ksy, con- 
stiuiiing a pair, are gsr^ereted The distribution rrsanage- 
ment server private Key is stored :n the dis'iribuiion man- 
agement server "Se. wf>::e the dist^bution management 
server publio i<ey is transmitted I'rorr, !rie aulhentication 
server 1 3 to the conlents server 1 9 as a certificate iden- 
tifying a person periTsiitsd to disLnlDute a program. The 
contenls ser\'er 1 9, uson receipt of the distribution man- 
agement server public !<;ey, siores it in preparation for 
program distributiors. 

1 1.4.21 Progra-n distribution request 

[0047] The user can cause the ccntrol unit 31 to exe- 
cute the browser and ihus can access the home page 
of the contents provide: by operating the operating sec- 
tion 22 of ths moDiie terminal 11 . As a rosjlt of this ac- 
cess, a distribution menu screen D1 indicating the pro- 
gram distfibution perfor-nad by tne corUents server 19 
of the contents p'ovider is displayed, as stiov^n in Fig. 
7. on the display sec£;on 21 of the mobile -eiTninai 11. 
Under this conditiori, tne user transmits a program (ap- 
plet) distribution request frorri the mobile terminal 11 
through the network to the contents server 19 by oper- 
at:ng the operating section 22 of the mobila terminal 1 1 
(step SI 2). 

[1 4 3j Certificate issi.:e request to UIM 

[C043] The contents server 19 upon receipt oi a dis- 
tribution request Irom the mobile terminai 11, sends a 
certificate issue raqLiesi to !he authentication server 18 
(step S12), 7"his certificate issue request contains the 
information for specifying the tj!f\^ 12 of the mcbiie ter- 
minal 11. The certificate issue is roquested m o.rderto 
enable the contents server 1 9 to conduct the encryption 
communication of public l^ey type vj:th the UIM 12. More 
specificaily. in orde- to make possible tf-se encryption 
communication of puGiic key type, the UiM private key 
and the U!M pubiic key paired with thetorrrje' are gen- 
erated in advance, and the UIWl private key is stored in 
the UIM 12 in advance ^ while the UIM public key is 
stored tn the authenricat:on server i S in advance. In step 
St 2, the UiM public Key stored in the authentication 
server 1 & is requested as a certificate ot a person per- 
mitted to distnbuie h program addressed io the Ul^l 1 2. 

[1 4.4] Issue of csrti;f:cate and distribution of program 
with certificate to Uif»^ 

[0049] The authei-itication sen-'or 18, upon receipt of 
a certificate issue request from the contents ssn/er 19, 
issues to the contei'iis se?ver 19 a UIM public key as a 
certificate corresponeing to the UiM 12 spscified by the 
partinular issue req^jest (step SI 4). 
[0050] The conten:s server 1 9 enctypts fhe program 
of which distribution is requested, by use of the U\M pub- 



10 

lie key coriesponding to fhe tJIM 12. The program ot)- 
tainod by the encr^'ption is considered a program win-; a 
certificate for a legitimate person a^jtroriied to acor^'ss 
the UIM 12, 

s fOOSI] Then, the program encrypted by she !,Ji[i/l pLJi;5i:c 
key is further encrypted by the conleiits server 1 9 using 
trie distribution management sender public key received 
from the authentication server 18 in advance. The pro- 
gram obtained by this encryption can be consideres a 

10 program having attached thereto both a certificate 
Showing a legitimate person authorized to access tfe 
•JIM 12 and a certificate showing a legitimate person au- 
thorized to distribuie a program through the distributicn 
management server 16. 

IS 

n .4.5] F-'rogram dsstrfeution 

[0OS2] The contents sen/er 1 9 distributes the program 
obtained by the aforementioned two encryption sss- 
sions, to the distribution management server 1 6 thr ough 
the network: (Step S15.). 

[0053] The distribution management server 16 d-?- 
cryfpts the encrypted program distributed from the con- 
tents server 19, using the distributii^n management 

3s server private key. Once this decryption succeeds, the 
program encrypted only by the UIM public key can ^e 
Gbta:ned. In this case, tns contents server 19 can ^e 
considered a legitimate person authoiized to distribute 
a program addressed to the UIM 12. The ciistnbut:Gn 

30 management sen/er 1 6 transmits the data on the screen 
02si-own in Fig. 7 to the mobile terminai 11 , and causes 
the data to be displayed on the display section 21 . This 
screen D2 is for making an inquiry at ti^-e user as lo 
whether the program can be distributed or not. 

35 

n 4 6] Writing m UIM 

[0054] After the user confirms the screen D2 and per- 
forms the operation through the operating >=3eGlion 22 for 

■io permitting the program distribution, a notice to perrnit 
cistfibuticn is sen* to the distribution managennent serv- 
er 1 6. The distribution management server 1 6, upon re- 
ceipt of the notice, distributes to the UiM 12 the program 
obtained by decryption, t.e. the program encrypted by 
the UIM public key (step S1 6). 
[0055} This encrypted program is delivered as it is to 
the control unit 30 of the UIM 12 through the mobile ter- 
minai 1 1 . Specifically, the mobile teinnnal 1 1 sir!-:ply pro- 
vides tne UIM 12 with the communication function. Tnis 

50 operation by the mobiie tenninai 11 guarantees the se- 
cure transmission to andthe secure write operation into 
the UIM 12. 

[0056] If the distribution management sen/er 16 iS to 
send a program to the UIM 12 in the aforementioned 
55 Tianner it is necessary for the di-stribution managen-sent 
servei' 16 to establish a link with the LJiM 12. This in rurn 
reqijires the acquisition of the telephone number oi the 
mobile terminal 11 with the UiM 12 conngcted thereto 
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orbiiilt thBTein. 

[00571 ^'^'^ ccncaivEible method to achieve this, at 
tne l-^e of issuing a distribution reqjost 'rem th« mcbiie 
terninai 11 \o the :;ont£!nts server 1Q, the telephone 
number of the mobi-s term'nai 1 1 is caused to be trans- 
mitted to the contents server 1 9 which sends this isle- 
phone number to ira distribulior, managemont server 
16 In this way, th-J distribution management server 16 
can access, the rr<oc.\e terninal 11 using the telephone 
number sent to it, and thus can ciistribute the program 
addressed to the Ui?*^ !S: 

[0058] Another available method is described below. 
SpGcificaliV: In advsrjce of issuing a distribution request 
fron^ the mobile terrninai 11 to the contents server 19, 
at- Identifier !s detsrn-:ined iselween the mobile temiinal 
11 and the disirib-jtlon rnanagemernl server 16 in place 
of the le-iephone ni-mber of the mobile terminal il; sc 
that the d^stribu-ion rrianagement server 16 stores the 
telephone numbe- ar-d ihe identifier as information cor- 
resporiding to eacn oiher. The mobile tetrnlna! 11 sc-fids 
a distribution recues; containing t"e icsentifierto Ihe con- 
tents server 1 S, wnich tn turn attaches the identifier to a 
program when sensing the program to the distribution 
management server 16. The distrsbLstion management 
ser*/er 16 determ nes the telephone nurmber of the mo- 
bile terminal n ;ro:"i the idonlifier and based on this tel- 
ephone number, ca^^sthe mobile lerminal 1^ and distrib- 
utee ihe program address(?d to the UIM 1 2. This nr^elhod 
has the advantage that the need is osiminatsd of notify- 
Ing the telephone number oi the mobile terminal 11 lo 
the contents server 19. 

j:0059] The c.ontroi unit 30 of the DIM 1 2, upon receipt 
of a program encrypted by the UIWi public key in the 
manner dsscribad -sbove, decrypts the program using a 
UIM private key p.aired with the particular HIM public 
key. Once this decr>.pt:on ends in success, a program 
is obtained in ttie form of an ordinatv text not encrypted. 
In this case, the contents server 19 making up the origin 
is considered a parson duly au!horii!ed to distribute a 
program to the UlM 12. The IjM 12 writes the program 
obtained by decryption, in the appropriate one of the ba- 
sic blocks 40-1 tc- 4G-6 of the memory. 
[00601 During this write operation, the screen D3 
shown in Fig. 7 is oisplayed by the mobile terminal 11 . 

[1 4 7] Write comp;:st!on response 

[0061] At the end ot the program write operation, the 
control unit 30 of tho UIM 12 transmits a wri^e completion 
notice to ths cist ricut ion managerr.ent sert'sr 1 6 togeth- 
er with the infcrm?.iion specityingihe basic block having 
the paiticular program whtten therein (stop 517) 
[0062) In the process, the scrsen D4 indicating tiiat 
the write operation is complete {the registration is over) 
is displayed, as shown in Fig. 7, on the display section 
2^ of the mobile terminal 11 After that, the screen is 
again turned to D1 by the user operation. 



r 1 .4.8] Distribution completion notice 

[0063] The distribution management server upon re- 
ceipt 0: a program write completion notice from the UIM 

5 12, registers ihe information specifying the written pro- 
gram in a data base as information corresponding to the 
information indicating ihe basic block of the UIM 12 m 
which the particuiar program is written. 
[0064] 3y accessing to the data base, the distnbution 

to management server IS can easily grasp the program 
stored in each of all the basic blocks 40-1 to 40-6 of ;he 
UiM 12. 

[0065] The distribution management server 16; upon 
distribution of a program into the UlfV; 12. starts ihe 

'5 charge process against the contents provider ot the con- 
tents server 19 from which the program is distribu-rjd. 
The timing of starting the charge process is not limited 
to this, but may becoincldentwith the timing of activarion 
described later. 

£0 [0066] Thecontents provider arecharged against the 
following items. 

(a) Rental charge for basic blocks in UIM 12 

?s [0067] Upon distnbu-ion of a program from the con- 
tents server 19 to the UlM 12, the particular prograrn is 
stored In one of ihe basic blocks 40-1 to 40-6 in the \J\Wi 
12. The particLjlar basic block can be considered to be 
rented to the contents provider owning ths contents 

30 server 1 9 for storing the program. Thus, a charge cor- 
responding to the rental period, i.e. the period during 
which the program is stored in the basic block is made 
against the contents provider as a rentai charge. 

35 (b) Transaction fee 

[0068] The program transmitted from the cohLsnts 
server 1 9 is distributed to the UIV. 1 2 through the proc- 
ess in the distribution managem;entserver16. Aconsid- 
40 eration for ths process performed by the distribution 
management sen/er 1 6 is charged against the contents 
provider as a transaction fee, 

[0069] The user ot the UiM 1 2 receives the serv!.:e sn 
terms of the distribution ot a program from the consents 

■fs sen/ if 19. and therefore is required to pay ti^e charge 
in consideration of theservice. The distnbution manage- 
ment server 16 may collect the service charge from the 
useron behalf of the contents provider together wit''; the 
communication charge forth© user, and delivers ths ool- 

50 lected service charge to the contents provider in the 
character of what might be called a "factor". In this case, 
the charge made against the contents provider may con- 
tain the factoring fee. 

[0070] Upon complete program distnbutior^, the distri- 
55 bution management server 16 notifies the consents 
sender 19 (step S18) 
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[1 4,91 Activation 

[00711 Ths proQr^m distributed to Jtie UiM 12 and 
stored in tne basic block cannot be executed by the user 
before activation, 5 
[0072] Ths Jser only receives the dislnbuiion but is 
not pen-nitted to sx&cute the prograrr; distributed to him, 
in order to triable the contents provider io control the 
program execation start time. 

[0073] Ths activs.tion is etfectiveiy utilized, for exanrs- ro 
pie, in the case where the tirne to start the use of a newty 
marketed game program is determir^ed. By use of the 
activation, the release date (program distribution date) 
and the date to start to use (activation date) can be set 
separately from each other, thereby making it possitjie '5 
to recuce the load on the contents server * 9. 
[00741 Another exampie Is & case in which the pro- 
gram for using the mobile terr-iinal 11 as a commutation 
pass is dtSiributeci to the UiM 12. in this case, the acti- 
vation is utilized to maKe the program executable fron^ 20 
the Eivst dale of the te,rm of validity of tne commutation 
pass. 

[0075] Tne operation for activation v/ili be explarned 
&c!ow with reference to Fig. 8. 

SB 

[1 .4.5.1 i .Activation feqjesi todistnbLition management 
server 

[0D7S] Whenever the activation becomes necess8P</ 
for a given progran-;, the contents server 19 sends an 30 
activation request to the distribution m.anagemrsnt serv- 
er 16 (step S21). This activaiion request contains the 
inforrriation specifying a progtam to be activated. Also, 
in the case wtiere only the program stored in the UIM 
12 of a specific :jser is activated, the activation request ^5 
contains the identifier (the telephone number of the nno- 
bile terminal 11 or an alternative identifier) of the partic- 
ular user. 

[1 .4.9.2! Activation request to iJIM -to 

[0077] The distribution m.anagement sen/er 1 6, upon 
receial of an activation request, issues an activation re- 
quest to the UIM 1? of ths mobile tenninai -il (step S22) 
A.S already described, the Information specifying the 
written program is registered in the ciaia base of the dis- 
tribution managefi-!£3nt server 16 as information corre- 
sponding to the information indicating the basic block of 
the UIM 12 in which the program is written. The distri- 
bution manageme-it ser>/er 16. upon receipt of the acti- so 
vstion request, referstothe particular data base and de- 
tenrnines the UIM '2 to which the program, io be activat- 
ed is distributed and the basic block in which the prc- 
gran- is written. In the case where the same program 
stored in a piuraiitv o; UIMs 12 is activa-ed; as many 55 
activation process.es as the UIMs 12 are performed 
Each mobile ten-ninal 11 in which the corresponding UiiVI 
12 is rnountec; or suilt is accessed, and an activation 



recues! is sent to ihe UIM 12. The activation request 
sent to each moDlle terminal 11 contains the information 
specifying ths basic blccit having stored therein the pro- 
gram to be activated. 

[0078] This aciivation request, when received by the 
mobile te.fmina! 11, is directly sent to the UIM 12. The 
control unit 3C of the UIW 12 executes the activation in 
accordance with the activation request. Specifically, the 
li'M 12 sets the activation flag from '0" to "1" for the 
basic block specified by the activation request The con- 
trol unit 30 of tne UiM 12 responds to a request, If .any. 
to execute the program stored in the basic block with 
the activation flag turned "1". A request, if any, to exe- 
cute Ihe program in the basic biock with the activation 
flag "0". however, is re;ec1ed, 

[1 .4.9.3] Activation end rasponse 

[0079J The UIM i2, upon complete p.'ogram activa- 
tion, transmits an activation end notice to ttie disfniaution 
management server 1 6 (step S23). This notice contains 
the information specifying the program of which the ac- 
tivation is ended, or more specif icatly, Ihs iniorrnstion 
specifying the basic block storing the particular pro- 
gram. 

[1 .4.9.4] Activation eompietion notice 

[OOSO] The distribution management server 1 £5. upon 
receipt of the activaiion completion notice from the Uli^i^ 
12, determines the basic block of the '0\U 12 in which 
\rs completely activated program is stored. The infor- 
mation to the effect that the activation is completed is 
registered in the storage area in the data base prepared 
for the particular b;*sic block, 

[0081] As the result of this registration, the distribution 
management server 16 can grasp, by accessing the da- 
la 'base, whether each prograrr; in the basic blocks 40-1 
to 40-6 is activated or not for aH the UIMs 12, 
[0Q82] Upon registration o! activation completion for 
ail the UIMs to which the program of which the activation 
is requested are distributed, ihe distribution manage- 
ment server f 6 notities the contents server 1 9 that the 
program activation Is complete (step S24). This notice 
contains ths inform.ation specifying ths program that has 
been activated. 

[1.4.10] Deactivation 

[0083] Thie program distributed to the UiM 12 and ac- 
tivated may require deactivation. This requirement oc- 
curs, for example, in & case where a program for the 
mobile terminal 11 to function as a credit card is stored 
in the UIM 12, and the user has lost the particular UiM 
12, In such a case, the deactivation Is started in re- 
sponse to the request from the user informed of the loss. 
Other examples include a case in which the use; that 
has received a service has failed to pay the service 
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charge before the cue date. !n such a case, at the re- 
ques: of ihe contents provider providing such a service, 
■he daac;ivatior! of ihe progfam for feceiving the partic- 
u'e-j service can be start'ea 

[0084] The deaciivation process wiii be explained be- 5 
lew with i-eferencs to Fig. 9. 

[1 .4.10.1] Deactivation request to distriaution 
marsBgement sen/er 

w 

[0085] The conteris server 1 9., whenever required lo 
deactivate a program distributed to a U!iW 12, sends a 
deactivation reques:- to the distribution management 
server 16 specifying the particular UIM 12 and the pro- 
gram to bs deactiViited (step S31 ). is 

[1.4.10.2] Deacrivation request to U'M 

[0086] Tl:.e distrib-Jlion rrianagement server 1 6, upon 
receipt of this deactivation request, accesses the data so 
case and dejermines thai basic block in !fie U!M 12 
specified Dy the desctivaton request which steles the 
program to be deactivated. Ther^, the distribution man- 
agement server 1£ sends ^ deactivation request to the 
mobile te.;-mfnai ii in which the particular DIM 12 is 5? 
.mounted or built fstep SS2). This deactivation request 
contains the infom-ation specifying the basic block stor- 
ing the program to bs deactivated, 
[aosn :":■;..:> ctj.tcjiv.-i! lon reqsjsst is sent to the UIM 12 
through the mobile terminfLl 1 1 . The activation flag pre- 30 
pared for -he basic Pioci< specified by the deactivation 
request is reset from '^1' tc- "C" by the UIM 12. After that, 
the execution ot tr^t program in this particular basic 
biock is pi-ohibited. 

35 

il 4 10.3] Deact;va<ron E5nd response 

[00S3] Ti^e UiM 1 S, upon temnination of the prxigram 
deactivaticn, notifies ihe distriOutton management serv- 
er 16 (step S33). This notice contains the infomiaiion 40 
specifyinc; the program which has been deactivated, or 
specirically, the infon-naticn specifying the basic bidck 
storing the prografr;. 

fl 4.10.4] Deactivation cor^pletion notice 4s 

[0089] The disiribuiion management server 16, upon 
receipt of a program deactivation end notice from the 
UiW 12, determines, Pasea on the notice, the b,isic 
bioci'i of the UliV 12 storing the program of which the so 
deactivatior; has oeer- completed The information tc the 
effect that the cleac;ivation is complete is registered in 
the storage area of ii-:-3 datji base prepared for the par- 
tiCLiiar basic bloc?!. 

[0090] Upon regisi-stion of completion of the deacti- SS 
vation. the distributor management se.fver 16 notifies 
the contents serv-er 15 of the completion of the dsacti- 
vasiort (step S34), 



II .4.11] Deletion (only when desired by use,--) 

roosi] A deactivated program wastcfuily occup:GS a 
memory area in the UliW 1£ It is desirable for both ine 
user and the co.ntents provider to dciets such an unnec- 
essary program The deletion of the program, howev^sr. 
cannot be left to the user. If the user arbitraniy deletes 
the p.'ogram in t.he UiM 12, the rent charging process 
for the UIM would continue to proceed in spite cf the 
program deletion, unless the fact of deletion is notified 
to the distribution management server 1 6 immediateiy 
[0092] According tc this embodiment, therefore, 
whenever the user desires tc delete a program, the pro- 
gram is deleted under the control cf the distribution man- 
agement server 16. 

[0093j A deletion, based on a reason on the side of 
the contents provider, is ba&caliy not penmitted due to 
the ,'esulting comrplication of the charging process. 
[0094] The operation of deleting a p-'ogram in re- 
sponse to the desire of the user will be explained below 
With .f-eferencs to Figs. 10 and 15 

.(1 ,4,11 .1] Program deletion request 

fOOSS] The user accesses p. predetermined horre 
page of the contents provider py operating the operating 
seciion 22 of the mobile terminal 1 1 A distribution men-.: 
screen 011 shown in Fig 1.5 is displayed on thedisDiay 
screen of the display section 21 of the mobile terminal 
1 1 . This distribution menu screen D11 is provided by the 
contents server 19 of the contents provider distributing 
the program. When the user selects a menu item mean- 
ing the deletion of a program, a screen 012 asking ;ha 
userwhetherthe deletion can be carried out is displayed 
on the display section 21 of the mobile terminal 11 ' as 
shown in Fig. 15, 

[0096] The user performs the operation permitting the 
deletion. The mobile temninal 11 transmits a progfam 
(applet) deletion request tc the contents server 19 
through the network (step S41) This request contains 
the information specifying the program to be deletes. 
[0OS7| With the transmission of a program deleiior^ fe- 
quest, a screen D13 indicating thai the deletion is gc^ng 
on, is displayed as shown in Fig. 15 on the display sec- 
tion 21 of the mobile terminal 11 . 

[1 .4.11 .21 Deactivation request to distribution 
rnanagemenl server 

[0098] The contents server 1 S. upon receipt of a pro- 
gram deietio,': request, sends a deadivation .■-equest to 
the distnbution management ssivcr 1 6 (step S42) T,h:;, 
deactivation request contains the information specifying 
the mobile lerminal 11 of the user r-equesting the pro- 
gram deletion and the infomnation specifying the pro- 
gram to be deleted 
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[1 .4.11 -£] D-jactivatic:?-'. requ&s! to 

[0039] Ths distribulion manaqoment server 16, upon 
receipl of a deactivAf.lon request, accesses the data- 
base and datGrmirifcs a basic block storing the program 
to be deseted. Then, 5^:^diS;rib•J^ion management server 
1 6 sends a de&ctiyftiicn request containing the infonna- 
tion specifving tiie panlcular basic block to the mobile 
termina! 1 1' of\ne use? requesting the program deletion 
(stop S43). 

[01 00] This dsadivatlon request is sent to the UiM 1 2 
Ih'-ough me mobils tsrrrinal 11 . The UIM 12resets, from 
"1" to tr,e activa-s.scn flag prepared fortne basic block 
specified by the deicljvation request. After that, the ex- 
ecution of the progfim in the particular basic block is 
prohibited. 



[1 4,11 ,8] Deieticn end response 

[01071 The UiM 1 2, at the end of the prograrr; deletion, 
iransmits a dijletion end notice indicating the program 
deletion to the distribution management server 1 6 (step 
S53). This deletion end notice contains the informslicn 
specifying the basic clock irom which the program is de- 
leted and the program deleted. At the sarrie time, a 
screen Di4 indicating the end of deletion is displayed, 
as shGV,fn in Fig 15, on the display section 21 of the 
mobile tfirtninal 11 . 



[1 .4.11 .4] Deactivation end response 

[0101^ The U!M 1 2 at the end of the program deacti- 
■ieac:livation end notice to the distri- 
3 (step S44}. This notice 
ccnlains the information specifying the basic block stor- 
ing the program deactivated. 



ition ma':agemef;! server 1 



[1:4 



.5] Dsactivation end notice 



[0102] Tns distribution management sender 16. upon 
receipt ot ti^e progra--n deactivation end notice from, the 
UIM 12, registers the information to the effect that the 
deactivation is con-ipiete. in Uie area of the data base 
correspondingtoih-s basic block oftheUlM 12 
by the desctivation end notice. 
[0103] The distribution management 
a program deactivanon end noti 
18 (step S45). 

11 4.11 .61 Deletion request to distribution management 



(1.4.11 .9] Deletion ccmpistion notice 

[01 08] The distribution management server 16. upon 
receipt of the deletion end notice from the tJliV! 12, reg- 
isters the information tc the effect that the program has 
been deleted m the storage area in the data base cor- 
responding to the combination of the user requesting the 
deletion and the program deleted. 
[0109] Then, the distribution managemem server 16 
sends to the conter^ts server the noticethat the program 
deletion is complete (step S54). 
[0110J fn the case where the charge piocsss against 
the conients provider has been made for the program 
deleted. ttie distnbUion manasement server ceases to 
charge the contents provicsr thereafter. 

[1 .4 121 Deletion (only when desired by distribution 
5 management server) 

[01 1 1] According 10 this embodiment, a prsgrann may 
be deleted by other than the intention of the user. An 
example is the expiry of a predetermined temi during 
to"the contents server 56 which a program can be used. 

[0112] The operation for deleting a program under the 
guidance ot the distribution management se-rver in such 
ase will be described beiow with reference to Fig. 11. 



[01 04] The contents server 1 9 , upon receipt of the de- 
activation end notice for the program to be deleted, from 
the distribution management server 16, requests the 
dlsiribLillon managsmeni server 1 6 to delete the partic- 
ular program (step S51) . 

[1 4.11 .7) Deistion reques! to DIM 

[0105) The cisti-ibutlon management server 16. upon 
receipt of tnc program deletion request, sends a pro- 
gram deletion re^i-i-sst to the V\M 1£ of the user who 
requests the program deletion (step 552). This ptocram 
deletion request ccntsins the information specifying tho 
basic block storing the program to be deleted. 
[01 OS] The prc-sram deletion request is sent to the 
UIM 12 through tna moiaile terminal 11 The UIM 12 de- 
ieles the program :n the basic block specified by the pro- 
gram deletion request. 



40 [1 .4.12.1 1 Oeacti^/ation request to Uifv! 

[0113] If the usabieterm of a program has expired and 
the program is required to be deleted, the distribution 
management sen/er 1 6, by accessing the data base, de- 

45 term.nes all the UlWs 12 10 wf^ich tne program to be de- 
leted has been disthbuted and the basic biocKs storing 
the program to be deleted in each of the UlWis 1<?, and 
sends a deactivation request to each of tne UlMs 12 
(step S61). Each deactivation request contains the m- 

sc> fonriaticn specif-ying the basic block storing the program 
to be deleted. 

[0114] Thic deactivation request is sent to each UiM 
12 through the mobile terminal 11. The UlM 12 resQts, 
from "1 '■ to "0", the activation flag corresponding lo the 
55 basic block specified by the deactivation request. After 
that, the execution oMhe prograrr. in the particular basic 
biock is prohibited. 
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[1 .4.12 2j DRacti\/fii';;on find response 

[011 5] A[ ^he 6r:d of !hs dtactivation. the UiiVi 12 
transmits a desctlv.ation end notice to the dlstritauiior, 
nsnagement server 1S (step 362), 

[1 4.12.3] Deactivstion compietion notice 

[■}116J ThG distribution managomeni server 16. upon 
rscsipt of the deect vation end notice from the party to 
which the prograrr^ vo be deleted ha& been distributed, 
rscisters the ;nfortT:at!on indicrsting the completion o' the 
deactivation in the storage area of the data base formed 
for the partieu !ar prsgram . 

[On 7] "t he distnbjEion management server 1 5 sends 
a prograrri deactivation completion notice to the con- 
tents server 19 (sJep S63). 

n 4 12 4] Noti;ica;icn o! deactivation completion r.otice 
receipt to distributien rnanagement server 

[0118J The contents server 16. upon receipt of the de- 
activation corr:pletiO:i notice from tne distribijtion man- 
agement server 16. sc-nds a deactivation receipt notice 
to the distribution rr^anagement server 16 (step S64). 

[1 .4.12.51 Deietion fsqusst to UsM 

[011Sj The Sratr.&.jtion manr^aement ser\''er 16, upon 
receipt of the deacti^^ation receipt notice, sends a pro- 
gram deletion request to the mobile teminal 11 that has 
transmitted the deactivation completion notice corre- 
spondinci to the deactivation receipt notice {step S71). 
The deletion reqtjssisent to the mobile terminal 11 con- 
tains the inforrriation specifv'ing the basic block storing 
the program to be dtiiated. 

[0120] The UtM 12: upon receipt of the dGiefion re- 
quest through the r!-:obile tenninai 11. deletes the pro- 
gram in the basse bsock specified by the request 

[1 .4.12,6) Deletion end response 

[0121] The Uirj! 12, at the end of the program cieletron, 
transmits a detetior^ end notice to the distrib^jtion rnan- 
agement sen/er 16 (step S72). This notice contains the 
infomnatiori specifying the basic block from which the 
progran? has been deteted. 



2D 
(step S73) 

[0124] At the same time, the distnbution managemer-t 
server ceases the charging process which may have 
hitherto been miade against the contents provider forthje 
s deleted prograrri. 

[1.4.12.81 Deletion resLilt receipt notice to distributios-i 
management server 

?o [0125] The contents server 19, upon receipt of the de- 
ietron completion notice from the distnbution manage- 
ment sower 16 sends a deletion result receipt notice to 
the distribution management server 16 (step S74) 

*5 M .4.13] Program distribution process for UIM version 
managemem 

10126] The contents sea-er 19may be requiredto dis- 
tribute a progtam voluntarily regardless of the desire on 

50 the part of the user. .An upgrade of the pr ogram that has 
been distributed is a case in point. 
[0127] In such a case, the distnbijtion cf the program 
of a new version to tbeUIMs 12 of ail the users to which 
the particular program has been distributed gives rise to 

?5 an inconvenience. This is by reason of tne fact th.-at the 
mobile terrni rials 11 are of vanous models, and the U]\^ 
specifications have various vetsions. it may happer-:, 
therefore, rhat a program of ia new version if sent ro all 
the UiMs. can be executed norrriaily oniy by the UiMs 

50 having a version issued at a certain time point or there- 
after 

[0128] According to this embodiment, at each time of 
an upgrade of a orogram. a version no-ice request is 
sent to the UIMs and based on the response to the re- 
35 quest, It is determined v^hetber the program ie to be dis- 
tributed or not to a given Uifil This operation ts shewn 
in Fig 12 Some of the UltVIs 12 support the function of 
notifying ihe version thereof in response to the version 
notice request, and other's do not. Fig. 12 shows the op- 
eration perfomied in the case whore a vei'sion notice 
request has been sent to a Ul.iVI supporting such a func- 
tion and the operation perfonned in the case where a 
version notice request has been sent to a DM not sup- 
porling the function. 

45 

[1 .4.13.1 j Operation for V\M supporting version notice 



EP 1 248 188 A1 



jl .4.12.7] Deletion compietion notice 

[0122] The distrib-jtrof- management server ie, upon 
receipt of the deiGtic-n end notice fr^om ail the parties to 
which the program tc be deleted has been distributed, 
registers the intonmation to the effect that the program 
has been deleted, in the storage area of the data base 
formed for the particular program 1o be deleted. 
[0123] The distribution management server 1 6 sends 
a deletion compietion notice to the contents server 19 



[1 .4.13.1.1] Program distribiriion request to distribution 
w management server 

[01SS] Prior to distribution of a program after upgrade, 
the contents server 1 9 sends to the distribution manage- 
ment server 16 a program distnbution request contaln- 
55 mg the information specifying the program and the ver- 
sion infomiation indicatingthe version of the IJIty 13 that 
can execute -he particular program (step S81 ) 
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13 1 2] Version ":Ot(ce request to UiM 

[D1S0] The distribu-ion managemont server 1 6, upon 
rscsiDt of the prograr-n distribution request, accesses the 
data base, determir^es all tne mobile terminals 11 to 
whion program specified by the program distribution 
request has been d^irributed, and sencis a version no- 
tice request to the mobile lernninals 11 thus determined 
(step S82) 

[' 4.13.1 ,3) Vfjrsion notice 

[0131] The versic-r, notice request is sent to each UIM 
12 thr:i;gh the rriobliG terminal 11 The UIM 12: upon 
receipt ct the version viotice request, noiifies the version 
thereof to the distribution management ser\'er 16 (step 
S83). 

■1 .4.13.1 .4] No prog:.?irn distribution notice 

■ O'iS.X] The distribution rr^anagement server 16 re- 
ceives a version nc^ce from each U!M 12 in the case 
where ihe version notice received from a given UIM 12 
fails to meet the conditions indicated by the version in- 
formation from the contents server 19; the contents 
server 19 Is noiified that the program cannot be distrib- 
uted to the DKrticjIar UlM s2 (step S84), 
[0133} in the cass where the version notice received 
from snother given UIM 12 meets the conditions indicat- 
ed by the version irstormation from the contents server 
19. on She other h.ind, the distribution rnanagement 
server 16 distributes the program to th;; particular UiM 
12. This operation is described above with reference to 
Figs. 6 and 8. 

(1 4.13,2] Operation for UIM not supporting version 
notice function 

jl . 4.13.2.1] Prograrrs distribution request to distribution 
management server 

[0134] The contents sen/er 1 9 sends a program dis- 
tribution request to distribution management server 
16 In the sarne manner as descnbed above (step S91). 

■ 1 .4.13.2.2] Version notice request lo UIM 

[01 35) The distrib^Jtion management server 1 6 sends 
aversion notice request to the UIM 12 of the mobile ter- 
minal 11 {step S92). 

[1.4,13.2.3] Timer count 

[013$] In this cas3. the UIM 1 2 does not suppor. the 
version notice fundion, and therefore makes no re- 
sponse. 

[0137] Thus, the ■iisfribuiion management seiver 16 
monitors the turner, and upon expiry' of a predetermined 



time-OEJt period (step 593), sends a version noticfi sa- 
qjest again tolheUIWi 1 2 cf the mobile terminal 11 (.step 
S94'!. Then, -he value on the retry counter is increment- 
ed by one. 

5 [0138] In a similar fashion, the cisthbution rrianacr-J- 
ment server 16 monitors the timer, and upon expin,' g! a 
predetermined time-out period (step S95), sends a ver- 
sion notice request again to the UIVi 12 of the mobsio 
terminal 11 (step S96), Then, the value of the retry coun- 

10 ter !s incremented by one. 

[1.4.13.2.4] Mo progran^ distribution notice 

[0139] Once again, the distribution management 
IS server 1 6 monitors the tinrisr. and upon expiry of a pre- 
deter-rrtined time-out period (step S97).. sends a version 
notice request again lo tr^e U I M 1 2 of the mobile letmirial 
11 (step S9B). Then, tne value on the retry corjnier is 
inGremented by one. 
so [0140] in the case wiisre the figure on the retry (X>i.in- 
ter reaches a predetermined value (3 in this case), -he 
distribution management server 1 6 detemnines that ine 
version of ihe UIM 12 f aits to meet the conditions for s.he 
version notified from tho contents server 1 9, and son':is 
25 a no-program distribution notice to the contents server 
19 (step S8A) 

[0141] As a result Vr-a contents sen/er 19 confirms 
that tne program of which distribution is desired, cannot 
be distributed 

30 

[1 .4.14] Program distribution process based on Ulfv^ 
memory capacity limitation 

[01421 The limitation of the memory capacity of the 
35 UliVt 1 2 may make the program distribution impossiL-jle. 
even if desired by the contents server 19. An example 
of the operation performed in such a case is shown in 
Fig 13. This operation will be explained below. 

40 (1 .4.14.1 j r-'?ejectlon by dLstribution management server 

[0143] Ttie contents serve-' 1 9 requests the distribu- 
tion management server 1 6, by attaching the program 
■0 be distributed, to send a program distribution request 

-'5 lothe Ulf\/i l2(stepS10l). 

[0144] Ttie information indicating the memory state of 
each UIM is registered m the databaseof the distribution 
management ssiver IS, The distribution management 
server 1(3, upon receipt of the program distribution le- 

50 quest to a given UIM 12, accesses the data base, and 
detenninss whether the basic block for the particL:iar 
UIIW 12 iS available for storage, or if available, is t-oo 
small in capacity to store the program {the capacity rnqy 
vary from one version to another of UIM) or whether 

55 there is any other stumbling block to the program oisin- 
bi-itton . 

[0145] In the case wnere the program cannot be dis- 
tributed, the distribution management ser^-zer 16 sends 
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it notice to the confsnts seiv&r 1 9 that the pragram can- 
f^Gt be d!st:ib;j:ed due to the shortage of the memory 
;:apactlv (sLep S1C2) 

[0146] As a resuft. the conients server 19 confiims 
that tns srot^ram for which dislribLition Is desired, cannof 
:bs .dfslributBd. 

ri .4.14.2) Rejection by uiM 

[0147j The momory capacily and the current occu- 
pancy state of each UIM 12 stb tegistered In the data- 
case of the ctsthbution management server 16. f-or 
some.- reason or other, however the actual UIW memcry 
st3:G may differ from the memory state regi-stered in the 
ciatatase of the dist:lbut:on management sen/er 1 6. The 
cporation perTorrned m such a case is described beiow. 
[01 48] First, the contents server 1 9 sends a program 
disiribution request together with a progrann lo the dis- 
irsbij'icn management server 16 {step S111>. 
[0149] The distribution management server 16 ac- 
cesses the data base and determines wi-^ether the basic 
b;oci< of the deslinajior; UIM 12 is a^/aiiabie for storage 
anc hfis a sulficien- capacity 

[aiSO] In the cas-a where tnc dctomiinatiori i& YES. 
\m distnbuliofi rr^anagement s;erver 1 6 se.'^ds a write .re- 
quest together wUh the program to the UIM 12 (steo 
S1i2). 

[01 S1] The UiiVl 12 that has received the v.fritfl request 
deter-mines whethfj:- the program attached to the write 
rec|L'est can be stored in any one of the basic blocks or 
hot. In the case where the determin;ition is NO tne UM 
12 sends a no-pro-grarr! distribution notice to the distri- 
bution m.anagerner!: sen/er 16 cue to lack cf memcjr^/ 
capacity (step S11 2), 

[01 52 j The distribution managennent server 16. upon 
receipt cf the nc-prcgranri distribution notice due to lack 
of rnemory capacity, sends It to the contents ser-^er 19 
(step S114). 

[0153] From this notice, the contents server 19 can 
ccnfirm that the prcgram cannot be distributed to the 
UIM to which the distribution is desired. 
[0154] It may aisc happen that a program cannot be 
stored in abaslcctccsc due to a write error n the memory 
of the UIM 12 or the malfunction ot the memory device. 
In such a case exacliy tne sarnie operation as described 
above is performed. Fig. 14 shows such an operation. 
In Fig, 1 4, steps SI 21 to S124 correspond lo steps S n 1 
to S114 in Fig, 13 a:-;d represent eixacily the same op- 
eration, respectively, 

[1 4,15] Specific eK--=.;mpls of oper&tion 

[01 5S] Now, a sp«:cific example cf the operation ac- 
cording To this embodiment will be explained 

[1 4.15 1) Execution of program stored in UIM 
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prog.'-am callfjd " C'G RAILWAY" is stored in the bas-Jc 
blocK 40-1 otthe U'M 12, 

[0157] The user operates the operating section 22 of 
the mobile terminal 11 and thus accesses the home 

5 page of the conients provider thai has distributes the 
"CO RAILWAY" program. A distribution menu screen 
D21 as shown in Fig, 16 is displayed on the display 
screen of the display section 21 , This distribution m;e.'-iu 
screen D21 is provided by the contents se^'ver 19 of trio 

'f contents provider The user performs the operalion for 
selecting an item concerning the pu.-'chase of a ccmnr.u- 
tation pass from the menu displayed on the cfistnbuticn 
menu screen D21 , A purchase reqsjest for 1 he commu- 
tation pass is transmitied from the mobile temiinal 1 1 to 

'5 the contents sen/er 1 9 through the networ-k. 

[0158] As a resuit, a download screen D22 is sent 
from the contents server 19 to the mobiie terminal 11 
and displayed on the drspiay section 21 . The download 
screen 022 contains a menu of several yaiue data hav- 
20 ing the same ;-none!ary vaSue as the commutation pass. 
[0159) Once the user selects the desired value data, 
the mfomiation requesting the selected value data is 
sent to the content.? server 1 9 from the mobile termlnai 

n. 

^3 [0160] After thai, the contents sen/er 1 9 sends to the 
mobile terminal 1 1 -he sc-een data for selecting a meth- 
od of account settlement. As a result, a scr-een D23 is 
displayed by the m-sbiie terminal 11 The userseiecfs 
"SEL.P-.CT FROM JilVj Pi/!FNiU" from the menu :tems irs 

30 the screen D23, and thus can settle the account by use 
of the program in the Uif\^ 1 2 Specificaliy, once this se- 
lect operation is perfonried, the UiM 1 2 is notified of the 
fact. Upon receipt of this notice, the confroi unit of the 
UIM 12 returns to the mobile terminal 11 the list of the 

•35 programs stored in the basic blocks 40-1 to 40-6 The 
sc-een D24 containing this list is displayed on the dis- 
play section 21 of the mobile terminal 1 1 . The user se- 
lects a settlement program from the list. The selected 
program is executed by the UIM 12 thereby to settle the 

''fo account, 

[0161] Assume that the account is settled by execut- 
ing the program in the program area 41 of the bsisic 
block 40-2, The data area 42 of the same basic block 
40-2 !s used for sefthng the account. 

*5 [0162] The conients server 19, upon detection tnat 
the account has been settled, sends the value data of 
the commutation pass included in IfiecornrTiijtationpass 
purchase request described above, to the mobile te.rmi- 
nal 11 . This value data contains the Infonnation such as 

so the names of the t^'o stations involved, the validity ler-m, 
the name of the user and the age of the user and are 
sent from the nobiio temninal 11 to the UIM 12, The val- 
ue data, which are to be used for the "CO RAILW.AY" 
program, are stored in the data area 42 of the b&&c 

S5 block 40-1 corresponding to the same data in the UIM 
12, 
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[0156] In this example of an operation, assume that a 
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[1 4 15.2; ?y!ail orcl&r sale using network 

[0163] in tnis exsrnoie d ar operaLson, a program (or 
a mail order sale is %\ore6 m the basic block 40-2 of the 
UIM 12. 

[0164) The user accesses the home page ot the cofv 
tents provider by cpsr-ating tiie operating section 22 of 
tfie tnobiie terminai "Si. so that a dislribulion menu 
screen D3n shown Fig. v; is displayed on the display 
section 21 of the rnobiie temiinal 11. This dislrlbution 
menu screen 031 is provided by the contents server 1 9 
o? the contents prov-dsr which In turn provides the mail 
order sale (v^hat is called ''e-connnnerce") service utiliz- 
jog the net>/^ork. The Jser selects the desired corrmodity 
(MATSUZAKA BEHF FOR SUKIYAK!. Y5000/KG, in 
F-ig 17) Ircrn the corrimodities listed in the distribution 
menu screon D31 . Then, a purchase request is trans- 
mitted from the mobile terminal 11 to the contents server 
1 9 through lh;e network. 

{01651 T^'iS conterits server 1 9 that has teceived the 
pLrcha&e req^uest refurns a ssitlement method screen 
032 to the mobils? terminal 11. As a resul! e select 
screen D32 is displayed on the display section 21 . 
[0166] From the sottlomont methods listed in the se- 
ioct screen D32. the user ts ass-unned to havo selected 
"XX BA\iK", The serucment program for XX Bank stored 
in the basic block 40-3 ot the 'JIM 12 is slar^;ed by the 
control iinit 30 of the UtM 12 and a settlement screen 
034 is displayed. 

[01673 ~hs user inputs the persona! identification (ID) 
number as settler-sent information. The mobile terminal 
11 tries to connect the setilement server tor XX Bank 
through a communication unit 34 and the network, so 
that the screen D35 being accessed is displayed. 
[0168] Upon complete authentication, a purchase 
amount conlirmaticn screen D36 is displayed. 
iOISS] The user confirms the amount ki bs paid and 
inputs the confhTrstion. The mobile term.inai 11 displays 
a payment confirm-ation screen D37 of the contents pro- 
vider, i.e. the mail order house together with the delivery 
date, etc, 

[1 4.15.31 Use ot commiilation pass (check gate 
passage, manua: start) 

[01701 Accordir>?s to this embodiment, the mobile ter- 
minal 11 can be Uissd as a commutation pass by storing 
an appropriate program in the UiM 12, An example of 
operation will be explained below. 
[0171] First, the user depresses a button 23. A UIM 
menu screen 04.- shown in Fig. 18 is displayed on the 
display section 2- . The user selects "' X' RAILWAY" for 
which the commu^tation pass is used. As a result, the 
control unit 30 of tne U;M 1 2 executes the RAILWAY 
program in the basic biock 40-1 . so that a menu screen 
D42 IS displayed on the display section ?1 
[0172] Whenthe screen D4? isdisplayed, the userse- 
lects "4 SET APPLICATION AtJTO. START". An auto- 



matic start set confiTn screen D43 is displayed thersLry 
prompting the user to select. 

[0173J In the case where the user £.eiects "YES", the 
automatic start is set. In the case where the user se:-sc- 
5 tion is "NO", on the other nand, the automatic start is not 
set. 

[0174] The gate of the railway company is equipped 
With a ticket check reader./whten Before passing through 
the gate, the user perfomis the following operation.^ 
10 [0175] First, the user depresses the U button 23. ; he 
UiM menu screen D41 shown in rig 19 is displayed on 
the display section 21 . The user tnen selects " GO RAIL- 
WAY" for which the pass is used. As a result, the control 
unit 30 of the UiM 12 executes the CO RAiLWAY pro- 
's gram in the basic block 40-i . and displays the menu 
screen D42 on the display section 2t . The user selects 
" 1 . PASS". The pass program constituting a part of the 
CO RAILWAY program is started by -he control unit 30. 
m accordarice with this pass program, the control unit 
so 30 begins communication with the ticket reader/writer 
fo!- pass check, in the case where this communication 
IS carried out by tne common key cryptosystem, for ex- 
ample, the pass check process is performed following 
the steps described below. 

(1) Each party checks the other party 

(2) The ticket check reader/writer requests the r-io- 
hile terminal 11 to transmit infonrnation on the com- 
mutation pass. 

30 (3) The mobile terminai 11 encrypts the pass infor- 
mation by the common key and transmits it to the 
licket check reader/writer. The pass infomnation dis- 
play screen D53 is displayed on the display section 
of the mobile terminal 11, 

35 (4) The ticket check reader/writer decrypts the re- 
ceived commutation pe.ss information, and, in the 
case where the user Is found to be legitimate, the 
gate is opened to allow him in , 

•10 [0176] At the same tim.e, a message screen D54 for 
expressing gratitude to the user is displayed on the dis- 
play section 21. 

[0177] '^be foregoing descnpticn deals with the com- 
mutation pass, in the case where the mobile terminai 11 
45 is used to tunction as a private card, however the data 
area 42 Is updated to indicate the value data corre- 
sponding to the amount alter subtracling the actual 
Charge in the process of (4) above. 

so ['.4.15.4] tJse of commufalion pass (gate passage- 
auto, start) 

[0178] When the screen D43 shown In Fig. 1 8 is dis- 
played, the user can select "YES" and the automatic 
55 start is set. The following operation is performed. Spe- 
cifically whei^ She mobile terminal 1 1 set to the automat- 
ic start mode approaches the gate of the stalior-. a poil- 
ing signal transmitted from the ticket checK readei/writsr 
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is ■■Roeived bytne nobilfi terminal 11, As a result, ihe 
pass program cons!itutinc| a part of the ("X":' RAfLWAY 
program i£ autom&tically startec by the control unit 30 
in she U;M 12. ane ;he pass check similar to the manual 
Start is carriea cut. 

{1.53 Effect of first erRbodiment 

[0179] As described abo\^e, according lo this embod- 
iment, even in the obsq where the storage area of the 
storage module Is divided to store each program, the 
mobu; sermtnal si?Tnply provides the comrriunication 
•function to the U'M., and r^o extra burden is imposed on 
the mobile terrni;-iai Tno:efors, the inhsrent function of 
the n-;ob:le terminai is not adversely affected 
[0180] Also, the p'ogram storage, the activatscn, the 
deactivation and the deletion are not carrleo out by the 
mobiie terminal, bL^i jnder the control of the cistribution 
man;scjemenl set-ver Thus, the user convenience is im- 
proved while at the same- time maintaining security 

[2j Second embodurient 

[0181] According to the first embodiment described 
above, the prograrr: executed by the tJiM 12 is stored in 
tha basic blocks 40-1 to 40-6 ir^ ti-^o same UiM. In the 
second embodiment, however, alitho programs execut- 
ed are not necessarily stored in the basic blocks. 

[S."!] Configuration of second embodiment 

[0182] F-ig. 21 is 3 block d lag rami showing a configu- 
ration of a pragrarr: distribution system according lo a 
second embodimem/cf the invention 
[0183] A UiM 12, contents servers 19-1 to 19-S and 
i9X and a distribjs on management server 16A are 
shown in Fig. 21 . The distnbuticn management server 
1 6A corresponds to the distnbytion management server 
16 of the firs; enrrbodlment plus the functions unique to 
this embodiment. The contents servers 1 S- 1 to 1 9-6 and 
19X have stmiiar functions lo the contents se.'ver 19 of 
the first emibodimer;'. The system according to this em- 
bcdimerii has an aui nentical ion server, as in the first em- 
bodiment, not shown In Rg. 21. 
[0184] The liW, 12 according to this embodiment in- 
cludes an application area 12C shown in Fig. 22 in place 
of tfifi fipplicfiiion a-ea 12B of the first embodiment. The 
program storage area 12C ;& divided into seven basic 
blocks 40-1 to 40-7 and one free basic block 40-1 . 
[0185] The basic blocks 40-1 to 40-7 and the free ba- 
sic block 40- F1 each have a program area 41 and a data 
srea 42. A program (application or applet) is stored in 
tho program area 41, The data area 42, on the other 
hand, has stored th^.rein the data used toy the program 
stored rn the prognsm area 41 of the same basic block 
or the free basic biock. 

[0186] In this case, the basic blocks 40-1 to 40-7 and 
the free basic biock 40- Fl are Independent of each oth- 



er, and basically, the program stored in Ihe progrsim area 
41 ot a given biock cannot access the data area 42 of 
other blocks This is also the case with the first embod- 
iment. The program stored in ihe program area 41 can- 
not be distributed or deleted without intermediary of tns 
distnbufion management server 16A The data area 42, 
however, can be directly operated through the distriCu- 
tion management server 16A or a iccai terminal as In 
the case where electronic money :s downloaded from 
'0 the ATM. This point is also similar to the first embcdi- 
rnenf. 

[0187] Accoroing to this embooirnent, the distribution 
of the programs stored in the basic blocks 40-1 to 40-7 
is controlled by ihe distribution manageme.ni ser\'er 

'5 16A The program stored in the free basic block 40-F1 , 
however, is controlled not by the dislnpution manage- 
ment sener 16A but on the user's own responsibility. 
[0188] According to the first embodime.nt. the pro- 
gram transmitted from the contents sen.-er 1 9, in accord- 

-t' ance wit ti the d istribu t io n leq uest f rorn t he m cbiie termi- 
nal 11. is sent to the IJiM 12 by the distribution manage- 
ment server 16. The distribution managemeni server 
16A according to this embodiment, on the other hand, 
accepts the program distribution request from the mo- 
bile terminal 11, and on acquifing she program by ac- 
cessing the contents server as required, distributes it to 
the UIM 12 of the mobiie terminal 11 The distribution 
managemorit ser\'er 16A according to this embodiment 
is similar to the dislribufion management ser-jer 16 of 

30 the first embodiment in that the program dislributlon 
from the contents server to the U\M 12 is reiayed and 
managed. This operabon. however, is not the only func- 
tion of the distribution management server 1SA acco,rd- 
ing 10 this embodiment. Specifically the dlstnbutton 

3S management server 1SA has means for storing a pro- 
gram! orthe infonnation indicating the location of the pro- 
gram for the benefit of the user of the UIM 12, and any 
of the programs stored in this means can be acquired 
by the user through the distribution management server 
16A in this sense, the distribution management server 
16A exhibits a function similar to a cache memory for 
the UIM 12. 

[0189J In order to manage the program dtatributio.n to 
the UiM 12 and exhibit the functron likea cache memory, 
■fs the distribution management sen/er 16A Includes a drs- 
■rlbuilon management unit SC. The distribution manage- 
rrient unit 50 fias a user information sioragB unit 51 ar-d 
a progratr, information storage unit 52. 
[0190] The program information storage unit 52 has 
50 stored therein a program proper era iJRL corresponding 
to the pr-ogram that csn be Cistilbuted to the UIW 12. 
The URt. is the information indicating the address of a 
specific one ofths contents servers 19-1 to 19-S and the 
vs.ry contents server where a partrcuiar program is lo- 
ss cated. Which is to be stored ;n the program information 
storage unit 52 for a given pr-ogram the URL information 
or the program proper can be determined based on the 
storage capacity of the program information storage unit 
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52, O!- !n the case vA->e^e thfi storage capacify is suffi- 
cieni , can be sslects-d as dssired by the contents pro- 
vidfer operating the cistribution seryer. 
10191] The chanci of storing a new program or ttje 
URL iherecl in the p-ocram information storage ur.if 52 5 
is givsn, fof oxan-ple, in tha case where tlie mobile ter- 
rrrina: 11 of a givan user sends es progcam aistribution 
request, and a progi am or the URL thereof meeting the 
peniC'Jiar cistribijtlGn request is noi stored in the pro- 
gra-T! informatior: storage unit 52. In sucti a case, the 'O 
program in'onriation storage unit 52 accesses the con- 
tsrsrs server and aca-Jires and stores the program de- 
sired by the user Ir; compliance with the request from 
the mobile terminal '1 , 

[01S2] The user inronnarion storage unit 51 includes '5 
n in ■> 1) individual L^ser inlormation storage units 53-1 
to 53-n corresponding to n persons to which the system: 
according to the inver>tion. is applicable. Each individual 
user information ssto- age unit 53-s. has a real distribution 
intosmation storage ^.^nit 54 and a virtual distribution in- so 
formation storage un:t 55. 

[0193] The real distribution intormation storage unit 

54 of the individual jser informat'On storage unit 53-k 
has stored therein pointer dalaccn-espondingto the pro- 
gram actually distnfcjted to the UIM 12 of the- user k. 
The pointer data is ^or indicating a particular area In the 
program information storage unit 52 where the program 
or the URL thereof is stored The avaiiabilrty of the real 
distribution infonma!;c;n storage unit 54 makes it possible 

for the distribution rrsanagernent server 1 6A to immedi- 50 
atsiy redistribute a^iv program, if erased, in the basic 
blocks 40-1 to 40-7 of the UIM 1 2. 
[0194] The virtual distribution inionnation storage unjf 

55 of the individual user information storage unit 53-k, 

on the other hand, ss ores the pointer data corresponding 35 
tc an available progrsm. though not actually distributed 
to the UIM 1 2 of the user k, thai can be imimediately dls- 
trioLited to the UlM 12 of the user k who is desirous of 
having such a program. The user of the UiFvl 1 2 can re- 
ceive the following services by use of the virtual distri- -to 
bution infomiation storage unit 56. 

(a) The pointer -^ata of a programi of which distribu- 
tion to the UlW 12 is desired Is provisionally stored 
in the virtual distribution infGrmation storage unit 55. -^^ 
The user, whenever the distribution of the program 
with the pointer data thereof stored in the virtual dis- 
tribution infom-i.ation storage unit 65 is required, 
sends a reqije.5t to the distribution managei-nent 
sen<'er 1 6A usin..^ the mobile tenninal ll . The distri- so 
bution management server 16A reads the pointer 
data of the requested program Srom the virtual dis- 
tribution infon^ation storage unit S5. and acquires 
and distributes the program specified by the partic- 
ular pointer daia to the U!W 12. In this case, the 35 
pointer data o'' the program distributed to the UIM 
1 2 is moved fi-cm the virtual distribution information 
storage unit 55 to the real distribution information 
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(b) The number of the basic blocks in the UIM 1 2 ;s 
limited. ITrerefore. it may happen that all the bas:C 
blocks are occupied and no basic block is avsilab-e 
fcr storing the program to be distributed in such a 
case, the distribution management ser^'er 1&.A 
reads the pointer data from the storage area corre- 
sponding to a given basic biock 40-X in the U IM 1 2. 
from among the storage areas in the real distribu- 
tion information storage unit 54. and transfers it 
the virtual distribution information storage umt 55, 
The program, to be distributed is sentto the UiM 12, 
where it is written in the basic block 40-X. and the 
pointer data of the program is written in the storage 
area corresponding to the basic block 40-X in the 
real distnbution information storage unit 64. This 
process makes it possible to acquire a program; by 
B distribution request and store it in a basic block 
even in the case where the basic blocks are fuSiy 
occupied. In the process, with regar d to the program 
driven away from the basic block, a request may be 
given again, if required, to the distribution manage - 
ment sen/er 16A and the process described in ;a) 
above: can be car.riod out. 

[01 6S] Now. an explanation will be given of the lunc- 
lion of the distribution management sen/er ISA cor.'s- 
sponding to the free basic block 40- F1 . As already de- 
scribed, asfor thefrf>e basic block 40-F1 , the dlslriburlon 
management servet 16 does nof manage the program 
distribution. The user, by operating the mobile terminal 
11 , can freely register or deiete a program in the free 
basic block 4G-F1 . 

[01 SS] The real distribution information storage unit 
54 of the individual user information storage unit 53 h.as 
a storage area corresponding to the basic block 40- F1 
of the UlfW 12. in this area: however, no pointer data of 
a program is stored, but the data including the nurrber 
of times a program is registered in or deleted from the 
basic block 40 -F1 or the URL information thereof, in the 
case whore nothing is stored in the free basic biock 
40'F1 : the data indicating ihefact ("Null" data, etc.) may 
be stored in this area. 

[0197] The program in the free basic block 40-Fl ot 
the UIM 12, should it be deleted, unlike the programs 
stored m the basic blocks 40-1 to 40-7, remains as it Is 
until registered agasn by Ifie user himself. 
[DISS] In the case where the user is desirous of 
changing Lh© program in the free basic block 40-Fl tem- 
porahly to another program, on the other hand, such a 
change can be made always by the user himseif rewnt- 
ing it. 

[0199] in such a case: the distribution management 
server 1 6A cannot carry out the charging process even 
if a program is stored in the free basic block 40-F1 , 
[0200] The free basic biock 40-Fl can be changed so 
that i! can be handled the same way as the basic blocks 
40-1 to 40-7 as desired by the user Specifically before 
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the cfiargs, seven tasic blocks 40-1 !o 40-7 and oris 
free basic block 4G-r1 can be used as eight basic blocks 
40- 1 to 40-3. 

[0201] !n such s case, ths infor mation to the effect that 
the free basic block 40-Fi has been chancjfid to the be- 
sic block 40-8 )s written by the distribution tnanagsment 
se.^er 16A in the sysfflni area 12A (Fig. 4) of the UiM 
12. Also, the area in the real distribution infcrrnation stor- 
age unit 54 that has hitherio been handled as an area 
con espondingto ths free basic biccii 40-F1 can be hari- 
■died by the distribution management server 16A as an 
area corresponding to the basic block 40-8. and using 
this area, the same management as that of the basic 
blocks 40-1 to 4G-7 :s started. 
[0202] The basic t.iock that has been changed lo tns 
basic block 40-S by the user in this way can bs restored 
to the frea basic bicck 40- F1 again. The basic blocks 
40-1 to 40-7 cannot changed to free basic blocks, 

[2.2] Configuration of distribution nianage.7!ont server 

(0203] Aconfiguraiion ofthe distribution management 
serveris shown in Fig, 23, 

[0204] Tho d!.'Strlb:!;ion management server 16A is 
roughly configured o; a transmission control unit 61 . the 
user information stc-age unit 51 described above, the 
program information storage unit 52 described above 
and a s«icure ccmm^jnicalion control ijnit 63 
j;020S| The transmission control unit 61 conli-ols the 
transmission between the external contents seniors : 
1 9-1 to 19-6 or between the mobile terminals 1 1 (includ- 
ing the transmission between the contents servers 9-1 
to 1 9-6 and the mobre terminals 11 ) The transmission 
controi unit 61 also controls the transmission between 
the user information siorage unit 51 . the program infer- s 
mstior storage unit 52 and the secure comrriunicarion 
contfDi unit 63 to each other. Further, the transmission 
control un;t61 ccntrolsthe distribution managemenfunit 
50. the user infotmf:iion storage unit 51. tfie program 
informatior^ storage urM 52 and the secisre commu'nica- 4 
tion control unit 63 on the one hand, and requests the 
execution of various processes in the distnbut:on man- 
agement unit 50, thfc user information storage unit 51, 
the program iniormaiion storage unit 52 and the secure 
con-imunication contro! unit 63 on the other hand, 4 
[0206] The prcgram information storage unit 62 sub- 
stantially functions as a portal site for the program obi- 
mitted to be distribu-ed to tns basic bloclts 40-1 to 40-7 
oftheUtMIS. 

[0207J The secure communication control unites au- Si 
thenticatesiheinfonrration (an encrypted program, etc.) 
sent from the contents servers 13-1 to 1Q-6. holds the 
public key paired wish tne private key held by each UiM, 
and manages the issue of the public keys for the con- 
tents serx'srs 19-1 to -^5-6 Si 



12.3] Operation of second embodimen! 

[2,3.1] Reg:stration in user iniormation storage unit 

' [0208] in t.he example shown in Fig 21 the contents 
senk^ers 19-1 lo 19-5 are under the control of the distri- 
bution management ser^^er 16A, The user desirous of 
using a program (applet) stored in any of the contents 
seri'ers is required to register the particular progran-; in 
"J the user information storage unit 51 of the distribution 
management server 16A. The registration process I'^ili 
be explained below with refe.'-ence to Fig. 2d. 
[0209] First, the user sends a request for a menu iist 
of the programs that can be registered, to the distribution 
s management sen^/er 1 6A Irom the mobile terminal 1 ■ . 
I his request is sent to the program information storace 
unit 52 through the transmission control unit 51 of the 
distribution management server 16A (step S131). 
[0210] The program information siorage unit 52 tnai 
' has received the request prepares a menu list of ail the 
programs that can be registered or specifically, all the 
programs of which the program proper or the URL is 
stored in the program information stoiage unit 52, and 
transmits tho menu list through the transmission controi 
■ unit 61 to the mobile terminal n (step S 132). 

£021 1] This menu list is received by the mobile tern-;- 
nai 11 and displayed on the display section 21 , Under 
tnis condition, the user can Bccuire, by operating the op- 
erating section 22; 3 comment on the desired program 
from the distribution management sen/er 16A and dis- 
play it on the display section 21 , 
[0212] Once the program of which distribution is re- 
quested is determined by the user operating the oper- 
ating section 22. the mobiie terminal 11 transmits a reg- 
istration request containing the information specifying 
the particular program to the program information stor- 
age unit 52 of the distribution management server 1 6A 
{step SI 33). 

[0213] The program information storage unit 52. 
based on the program registration request, registers ths 
prograrri requested by the user in the user information 
storage unit 51 (step S134). 

[0214] Ths operation in step SI 34 will be descnbeci 
in detail, f-irst, assume that the registration request is 
issued from the mobile unit 11 in which the UIM 12 of a 
given user k is built or mounted In this case, the pro- 
gram information storage unit 52, based on the regisifa- 
tion request, identifies fheprogram requested by the ijs- 
er and delennines the pointer data for spf:cifying tne 
interna! area of the program information siorage unit 62 
in which the URL tnfomnation indicating the location of 
the program or the program proper thereof is stored 
Ones the pointer data of the program requested by ire 
user is otitained in this way the program information 
storage unit 52 accesses the contents stored in each 
area of the real distnbrjtion information siorage unit 54 
of the individual user Information stor'age unit 53-k cor- 
responding to the userk, and thus determines the bas^c 
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block 4C-X (1 S X 5; 7) svallabis for storage among the 
bssic blocks: of ihs L'iNI 12 of ihe user k. The pointer 
data of the program --squesled by the user is fegistered 
in the area of the real distribution inlormation storage 
uri;t 54 corresporid'nc; to the ba&ic b!oci< 40-X (step 
it may be that sne UIM 12 of the user k has no 
basic block 40-X (1 rs^x ;? 7) available for storage In 
such a case, the program mfonnation storage unit 52 
registers the pointer data in the virtual distribution irfor- 
nation storage unit 55 designated by the user or set au- 
tomatically. 

[0215] in step S141 , the msnu iist may not have any 
desired program. In such a case, the user can request 
the program information storage unit 54, by operating 
tnt mobile temrnal - 3 the desired contents 

server In th;S case, ts^e program information storage unit 
54. in compliance wltn the user request, acquires the 
program or the URL thereof from tne contents server 
desired by [he user, and holds it in the unoccupied area 
in the pro(^ram. in!ors?ialion storage unit 54, in the proc- 
ess, the pointer da-?; indicating the location of the ac- 
quired program cr trie URL thereof is registered In the 
real distribution irJ'on-natioti storage unit 54 :n the same 
manner as the procedure mentioniid siljove. 
[0216) Upon ccmpiste registration of the ptogram re- 
questedby the user \r, this way. the distribution manage- 
ment server 1 6A sta:-t& the charge process for the user 
or the contents prc-v der that has distributed the partic- 
ular program. 

[021 7J Then, the user infcnmation storage unit 61 
sends a registration notice to the mobile terminal 11 
through the transrri^ssion control unit 61 (step S135). 
[021S5 Th9 mobile teimlna! 11 . upon receipt of the reg- 
istration notice, sends a registration acknowledgment to 
the distribution management ssn/er 16A (step S136). 
[021 9| The user information storage unit 51 , upon re- 
ceipt of the registrj-dion acknowledgment through the 
transmission controi unit 61 from the mobile terminal 1 1 
having the UIM 1 2 o! the user k built therein or connect- 
ed therewith, deterrr-^ines the contents provider 19 stor- 
ing the program of wriich the pointer data has been reg- 
istered for the user k. and sends an activation permis- 
sion request to the contents server 1 9 (step Si 37) 
[0220] The contents server 1 9 that has received the 
activation permission request. In order 10 approve a pro- 
gram utilisation contract, sends the activation permis- 
sion to the i-;s&i intc-si-iation sitorage unit 51 (step S13S) 
As a result. Xha user information storage unit 61 consid- 
ers that the use is permitted of the pointer data stored 
in that area of the r^al ai3tribL;1ion information storage 
unit 54 of the individual user infomnation storage area 
53- k for the user k vvhich corresponds to the basic biocK 
40-X. 

[0221] The user infonnaSion storage unit 51 sends a 
registration completion notice indicating that the regis- 
tration in the mobiie lemninal 11 is completed (step 
S139). This registration completion notice conTains s 
registration list providing a lis! of the programs with the 



pointer data thereof registered in she user information 
storage unit 51. 

[0222) The user can confiirri the registration iist from 
the display section 21 of the mobile terminal 11 

5 

[2.3.1 .ij Registration of UIW m basic block (the contents 
serve r ho id ing ttie p rogram) 

[0223] Tne user k who has rece-ved the reg.straitcn 
w list can req uest the program for which he has requested 
registration, to be distributed and wntten in the UIM 1 2 
With reference to Fig. 25, this operation will be ex- 
plained. 

[0224] The user k pe.'formsthe operation for selecting 
75 a program of which distribution is desired from the reg- 
istration list. Then, a distribution request containing the 
pointer in the registration list, indicating the position 
number in the registration list where the particular pro- 
grarr: is located, is sent to the user informaiion storage 
20 unit 51 of tfie disiribution management server ISAfrom 
the distribution term.inal 11 (step SI 41). 
[0225] The user information storage unit 51 . upon re- 
ceipt of a distribution request from the mobile terminal 
11 of the user k, roads the pointer data specifying trie 
35 place of stoiing the program proper or the URL of the 
program roquiring distribution, from that area of the real 
distribution information storage unit 54 of the individual 
user information storage unit 53-k vt'hich corresponds to 
the pointer in the registration list contained in she partic- 
30 ular distribution request. The distnbtjtion request con- 
taining the pointer data is sent lo the program informa- 
tion storage unit 52 (step Si 42). 
[0226] The program Informaticn storage unit 5? ac- 
cesses the area specified by the pointer data in the par- 
3s ticular distribution request, in the case where the UftL 
d the program is stored in the area, the program distn- 
bution is requested from the contents server 19 using 
the URl (step SI 43), 

[0227] The conter^ts server 19, upon receipt o- this 
40 distribution request, requests the authentication sswer 
18 to issue a public key for the distribution management 
server {step SI 44). 

[0228] In the case where tne contents server 18 is per- 
miltad to write in the UiM 12, the authentication server 
4s i8issuesthepublickeyfortne distribution management 
ser\-er to the contents server 1 9 (step S145). 
[0229] The contents server 1 9 encrypts the program 
usir^g the public key for the distribution managemenl 
z&r\-Qt. and distributes it as a program, with a certificate, 
so to the secure com.munication control unit 62 of the dis- 
tribution management server 16A (step S14S) 
[0230] The secure communication control unit 62 has 
stored therein a distribution management server pnvate 
key pairedwiththedisthbution management ssrverpub- 
.55 lie key, and using this private key, decrypts the program 
with a certificate. In the case where this decrvption ss 
successful, a program written in a common text is ob- 
tained. 
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[0231] Tne secure conimunication control -jni! 6? ac- 
quires Ihe UlPvfi pubiic key corresponding to tf:e cJes-ina- 
tion UiM 12 from -he authentication server {refer tc the 
firs;! enbodiment;, and encrypting the program by tiie 
Ul^^ public key, s&nds rt to the UIM 12. In the Uli\^ 12. 
the progrsm Is oecr/pted using the UIM private key 
5a:red with tlie UiM public l<ey. Once the decryption is 
successful, aprogra-n in a common text is obtained. The 
U iM 1 2 writes this program in the basic block 4.0-X (step 
SI 4 7). The UiW 12 determines til© basse block 40-X by 
the same algorithm as used by the progra.Ti information 
storage unit 52 ir; the distribution manaQement server 
1 6.A. in step SI 47, ttieref ore, the same basic biock AQ-X 
is obtair^fid as deSe-mined in step S134 o! Fig 24. Alter- 
natively, the registration compietion notice transmitted 
from the (iistribution management server 1 6A in step 
S1S9 of Fig. 24 may contain the information specifying 
the unoccupied basic block 40-X determined in step 
S1 3*;. and in step S ;47 of Fig. 25, the program is slored 
in the basic block 40-X specified by the paiticuiar infor- 

[02321 The UIM 12, at the end of ths program write 
operation, transmits a wriie end notice to the secure 
communication control unit 62 of the distribution rran- 
agement sen/or 16 (step S148). This write end notice 
contains tng ir;fofmgtion for specifying the basic block 
dO-X in wh;ch tho program is written. 
[0233] Wher; the secure communication control unif 
6S of the distnb;jt:on management server IS receives 
the write end notice the user information storage unit 
51 sends an acEiv.?it:on request to tho contents server 
1 9 in order to rsqi.:est the permission for execution of 
the program written m the UIM 12 {step S149}. 
[0234] The contents server 19 that has received this 
activation roquesl sends an activation pennission tc the 
user information storage unit 51 (step SI 50). 
[0235] The user information storage unit 51 that has 
recer/ed the actkration permission sends an activation 
instruiction to trie UiM 12 (step St 51). 
[0236j In the UiM 12, upon receipt of the activation 
instruction, the activation flag corresponding to the basic 
block 40-X in which the program is written turns from ''O" 
to "V'. after which the execution of the program in the 
pariicuiar basic block becomes possible. 
[0237] The UiM 12, at the end of the program activa- 
tion, transmits an activation acknowledgment notice in- 
dicaiing I he end o; ine program activation to the user 
infon-nation storage Linit 51 of the distribution manage- 
ment sender 1 6A, together with the infonnation specify- 
ing the program (tor example, the infomietion specifying 
the basic block 40-.<; (step S152). 
[0238] The user information storage unit 51 , upon re- 
ceipt of the activation acknowledgment notice from the 
UIM ^2 of the user k, determines an area of the real dis- 
tribution infon-natlcn storage unrt 54 of the individual us- 
er information storage unit 53- k corresponding to the ba- 
sic block 4C-.X. in ;h:s area, the pointer data correspond- 
ing to the program written in the basic block 40-X is ai- 
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ready written in the tJIM 12 of the user k. In this area, 
the information to the effect that the activation is corr:- 
plete fs written in such a form that a given pointer coex- 
ists As the result of this operation, the distribution men- 
s aqemeni server 1 SA can grasp whether the activation 
has been performed for the basic blocks 40-1 to 40-7 of 
si! the Ul Ms 12 by accessing each area of the user in- 
formation storage unit 51 , 

[0239] The user information storage unit £1, at t?^e 
^0 end of the operation for writing the information to tre 
effect that the activation is complete, notifies the mofci^o 
terminal i1 that the registration is complete as a pro- 
gram list, and subsequently, notifies that the program 
can be executed, while a! tf-^i ;;;;!mt; time ending tf-e 
'5 process (step SI 53). 

[0240] The distnbution management server 1 6A ncti- 
fies the contents server 1 9 that the activation of the pro- 
gram is completed (step SI 64) 

20 [2,3 -5 2j Registration of in UIM basic block (in the case 
where the distribution management server holds the 
program proper) 

[0241] in the example of operation shown in Fig, 25. 
the program pr-oper, of which the distribution is desirec 
by the user, is not stored in the distribution management 
server 1 6A but in the contents server 1 9, In the cperat^on 
example shoswn in Fig. .?6, in contrast, the progrsm prop- 
er of which the distribution is desired by the user is 
30 stored in the distribution management server 1 6A, The 
opetation example shown in F-,g. 26 will be explained 
below. 

[0242] The user accesses the registration list re- 
ceived from the distribution management server 16A, 
35 and perfomisthe operation forse-lectingthe desired pro- 
gram. A distribution request containing the pointer i.n the 
registration list corresponding tc the particular prog.'-am 
is sen! from the mobile terminal 11 tc the user Informa- 
tion storage unit 51 of the distribution management sei"v'- 
'iO er 16A (step S161). 

[0243] The user information storage unit 51 , upon re- 
ceipt of the distribution request from the mobile terminal 
11 of the userk, reads the pointer data for specify ingt^ic 
place of storage of the Uf-^t, of the program or the pro- 
p's grarr; proper of which the distribution is requested, from 
that area of the reai distributior; information storage ijnit 
54 of tne individual user information ;5toraQe unit 53-k 
which corresponds to the pointer in the registration list 
contained in the distribution request. The distnbution re- 
■5" quest containing this pointer data is sent to the progrsm 
information storage unit 52 (slop SI 62) 
[0244} The program information storage unit 52 sc- 
cesses the area designated by the pointer data m the 
distribution reques-st. In the case where the program 
55 proper IS stored in the particular area, the secuj-e com- 
munication control unit 62 requests the authenticalson 
server 18 to issue a cerirficate, i.e. sends a request fo^ 
the UIM public key required for encrypting the program 
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Dtoper and sendlncj X to ths UiM 1 2 of the usor k (5iep 
S163), 

[0245] in the case where the program corresponding 
to the distribution request is a program permiUed to write 
:n the UiM '12 the authentication server 18 sends the 
UIM public Key to ths secure commLjnication control unit 
62 (step vS 164). 

[0246] The secure cornniunication cohtro! unit 62 re- 
ceives thi!5 UIM public key, and upon determination thai 
■he i<ey is legirimate, encrypts the program to be distrib- 
uted, using the UIM public key, and thus generates 3 
program with eertif icate. 

[0247] When Uie i;ser performs the Dperation at the 
mobile terminai 11 lo permits the program distribulion 
IhG secure commun. cation control unit 62 of the distri- 
bution managerrient setverl6A sends a program wilti 
certificate to the Ul V 12 of the mobile terminal 11 (step 
SI 65), 

[0248] The UIM "i? hHS stored therein a UIM private 
Key paired with the UIM public key, and using this UIM 
private key decryp-s the program. The same program 
is written in the basse block 40-X. 
|0249| T he subsequent operation is similar to the cor - 
responding operation shown in Rg, 25. In Fig, 26, steps 
316610 SI 71 ccrrespond to stops SI 48 to SI 53 in Fig. 
,25:, 

[2 3 13) Registrsticii in UIM basic block (in the case 
where the disiribiiticn management server holds ths 
program proper, anci the secure comrriunication control 
unit holds the UiM pubhc key) 

[0250) H may happen that when th© mobile tei-minal 
11 sends a distribi-il on request to the distribution, man- 
agement server 16.^^, the secure communication control 
unit 62 of the distribution management server 16A holds 
the UliV? public key of 1 he UIM 12 to which the program 
is to be distributed Such a phenomenon may occur for 
e;<ample, in the oas-3 where programs are disiributed to 
the same UIM 12 within a short time. Fig. 27 shows an 
e.!<amp!e of the op33tion pertonned in such a case. In 
this operation exarrple, when a program proper corre- 
sponding to the disiriDulion request is found, the pro- 
gram is encrypted using the UIM public key he id in the 
secure communication control unit 62 and written in the 
UIM 12, The operation shown in Fig, 27 is similar to the 
operation shown in Fig. 26, except ihal the operation 
corresponding to steps 31 S3 and S 164 for acq ui hog the 
Ulivl public key frorr: the authentication server 1 8 is lack- 
ing. Steps SI 81 , SI 62, S183 to SI 89 in Fig. 27 corre- 
spond to steps S1 61 , Si 62, SI 65 to Si 71, respectively, 
in Fig, 26. 

[2.3. -.4] Registrati-on in UIM free basic block 

(02511 The user. Dy operating the rriobiis temiinal 11 , 
can register a program in the free basic block 40- F1 of 
the UIM 12. This operation is shown in Fig. 28. 



[0252] In the case where a program is registered in 
the free basic block 40' F1 of the UiM 12, the user oper- 
ates ths; mobile ter-nlnai 11 so that the desired conler:ts 
server 1 9X Is accessed and a rcquesttordlstrib-Jting ■ he 

5 desired program is sent to ll (step 8191), 

[0253] The con-ents server 1 9X that has received 5 his 
distribution request distributes the requested program 
to the secure communication control unit 82 ot the dis- 
tribution management server 16A {step S192). 

w [0254] The user performs the operation to permit the 
distribution to the free basic block 40-F1 , and the int'or- 
mation indicating the particular opera-ion is sent from 
)he mobile terminal 11 to the distribution management 
server 16A. Then, the secure communication control 

15 unit 62 distributes the prograiTi to the UIM 12 of the n-:G- 
bile lerminai 1 1 (step SI 93). This program may be s-snt 
in encrypted fofrri or without encryption. The UiM 12 
wriies this program in tne free basic blocK 40-F1 
[0255] The UiM 12, at ttie end of ttie program >A''ile 

so operation, transmits a writs end notice to the dis'ribuiion 
management seiver 16 (step 31 8-^), 
[0255] The user information storage unit 5 I oftheciis- 
trlbution management seiver 16 receives the write -and 
notice ftom; the UiM 12 0I the user k, and updates ;he 

2S information including the number of distribution ses- 
sions stored in the atea of the user Individual information 
storage unit 53-k corresponding to the free basic biQck 
40-Fi (step SI 95). 

[0257] Once this update operation is compieted. the 
30 user information storage unit51 sends to the UiM 12 an 
activation instruction for the program written in the f:ee 
basic biock 40- F1 (step 8196-. 
[0258] The UIM 12, incompliancawiththis instrjclion, 
completes the program activation, and transmits to -he 
55 :jser information storage unit 51 of the distribution !T;an- 
agement eer\'sr 16 an activation response notice indi- 
cating that the activation of the program in the free bssic 
block 40-F1 is completed (step S197), 
[0259) The user information storage unit 61 , upon re- 
cetpt of the activation response notice from the U M 2 
of the user k, registers the information that the activation 
iscomplete.inthearesoffheindividualuserinformaiion 
storage unit 53-k corresponding to the tree basic block 
40-F1 . The user ^formation storage unit 51 notifies. In 
45 ttie form o' prugram list, the mobll-s tenminal 1 1 that the 
registration is complete, thereby ten-ninatlng -he proc- 
ess (step ai 98). 

[2.3,1.5] Program deletion from user information 
50 storage unit 

[0260] Now. the process for deleting the program reg- 
istered in the user information storage unit 51 will be 
explained with reference to Fig. 29. 
55 [0261] The user, by performing a predetermined op- 
eration, can display the registration program list re- 
ceived from the distribution management server 1 6.^, on 
the display unit 21 . Under this condition, the user spec- 
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!ftes the desirsd progran-. and instriicts to delete the pra- 
grsT! in the disirib^y.ion r^ianagGment server 1 6A A pro- 
grsrr regiatration cJ^iete re-quesl containing the informa- 
tion tor specifying vvnat is io be deieied is sent So the 
user infonnaiion sJoragfi unit 51 of the dlsinbution rrian- 
agsment serve; 13A (step S201). 
[0262] in the cas 3 where the program to be deleted is 
already deleted ?rorn any one of the basic blocks 40-1 
to 40-7 o? the iJ\hf, 12, the user information storage unit 
S'^ sends a cancei request indicating ths desire of the 
user to cancel the ijtiii^atiori of the program, to the con- 
terrts ser\'er 1 9 frorn which the particular program Is dis- 
tributed (step S202; in the case whGre a program to be 
deleted remains u^ideleted in any one of the basic 
blocks 40-1 to 4G-7 of the UiM 12, on ths other hand, 
ths process for dsisiion of the program from the basic 
blocks 40-1 to 40-7. described later is carried out at the 
ssme time under -i-re guidance of the distribution rran- 
agenrierrt server 1 6A. 

[0263] The contents server 19, upon rsceipt of the 
carscel rcq-jest. sends a cancei permission notice to the 
ijssr information s-erage unit 61 of tne dist tbuiion man- 
agement sfirveriSA (step S203). 
[0264] The user informalion storage un-l 51 . upon rc- 
C55ipt of tne cancei psrmissicn notice, doic-ies the infor- 
malion on -he program of which the deletion is request- 
ed in step S201 , and sends the registered progrsim list 
after deletion to themobiie terminal ^1 (step S204) 

[2 3 16) Program dslstion from UIM basic block 

[0235] Now the process for deleting a program from 
the basic Diocks 40-1 to 40-7 of the UIM 12 will be ex- 
plained with reference to Fig, 30. 
[0256] The user, by psrfomiing a predetenrjinsd op- 
era-ion, can display on the display unit 21 the registered 
program, list transrr-;:!ted already to the mobile terminal 
1 1 . Under this condition, assume that the user specifies 
the desired prog.-s-rr and gives an instruction to delete 
It. One of the bas^c blocks 40-1 to 40-7 of the UIM 12 
where the prograr: to be deleted is stored is determined, 
and a deletion raQL;esi containing the information spec- 
ifying the particular basic biocit is transmitted from the 
mobile terminai 11 to the user inforrnatior storage unrt 
5- of the distribution managemen; server 16A (step 
sail), 

[02873 The user informaiion storage uni! 51 , upon re- 
ceipt of tha deletion request, sends a deletion pennis- 
sion notice to the Uiiwi 12 (step S212). 
[0268] The UM 12. upon receipt of the deletion per- 
mission notice, deifjtss the program specified by the us- 
er in step S21 1 frcn-i the bsisic block, and sends a dele- 
tion end notice tc -ha user information storage unit 51 
{step S213), 

[02691 As a resi;!;, the user information storage unit 
51 deletes the in'or^nation on the corresponding pro- 
gram under the control of fhe transmission control unit 
61 , and gives a deiaiion notice to the contents server 1 9 



(Step S214). 

[0270] Also, the user :nformation storage unit 51 no- 
tifies the mobile terminal 11 tha! the deletion iscompiete 
in the form of a program list, thereby ending the prcciess. 

5 

r2, 3. 1.6.1 1 The case in wi-:ich the program deletion from 
basic block is carried ouf at the same tirr:e under the 
guidance of distnbutson management server. 

f0271] As described above, if the process for deleting 
a program from the basic blocks 40-i to 40-7 is carr.'ed 
out at the same time as the deletion of the program from 
the user intormaiion storage unit 5 ufider the guidance 
of the dist-ibution management server, the user infor- 
'5 mation s-orage unit ,51 of the distnbution managerhent 
server sends a deletion instruction to the Ullvi by spec- 
ifying the program of which deletion is requested, n 
place of the process of steps S2il and S212 described 
above, 

20 

[2.3 1 .7} The case in which use of user infonrolion 
storage unit is prohibited. 

(0272] According to this embodiment, a doactiviation 
process for the user information storage unit can bo ex- 
ecuted for preventing the user from using the user ir-^for- 
mation storage unit 51 . This deactivation process for the 
user informatic-n storage unit is earned out, for example, 
in the case where the disiribufion management server 
1 6A stops the service temporarily, or the sen/ice of the 
distribution management server 16A to the user is tem- 
porarily suspsn-ded ar the request of tne contents p,>-o- 
vider holding the contents server 19. Once this deacii- 
vaElon process for the user information storage unit is 
3S carried out, the distribution of the programs registered 
in the user information storage unit 51 io the ^2 is 
prohibited and so is the deletion of the programs reais- 
tered in the um 12, 

[0273] Now, with reference to Fig. -31 , the deactivation 
•ic process for the user information storage unit will be ex- 
plained. The foiiovving descnption concerns the case in 
which the contents sen/er 1 9 requests the deactivation 
process for the user information storage unit. 
[0274] First, the contents server 19 sends a user ;n- 
"fs formation storage unit deactivation request to the user 
information storage unit 51 of ihe distribution manage- 
ment server 1 6 A <step S22 1 ; . 

[0275] The user infomiation storage unit 51 , upon re- 
ceipt of the u,ser information storage unit deactivation 
so request, is prohibited from use (deactivated state), snd 
sends a user information storage unit deactivation per- 
mission notice to the contents server 1& (stop S222}. 
[0276] Then, the user information storage unit 51 
sends to the mobiie terminal 11 a user information s-or - 
age unit deactivation notice to the effect thai the us;? of 
ihe user information storage unit 52 has been prohibited 
(step S223). 

[0277] As a result, the user of the mobile iermina; 11 
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can confirm that tf 
Ljnit 51 has iseen j 



■ jss of thft u 
;:v;;bited 



[2-3.1 ,7,1] Ths. esse h which the,- user iniomiaticn 
storage unit is disaciivated by d^striDL^tion nruinagem&nt 



[0278] in the case vvtiere the user information storage 
unit i£ deactivcSfec! by She distribution nnanacjement serv- 
er 16A by itssif, the- user information storage unit 51 is 
prohi!3tt5d trcm use ^ \s ^' -i - ^^auser'n- 

fcrmatior! storage un^t aeactivation noiiccio tne mobile 
terminal 11 ir;dicatingthfattfisuseoftheu&erinformation 
storage unit 51 is pronibiled (step S223) 

[2 3 1 8] The case ;n -Hhich the. use of the program 
siores in UIM basic biock ts protiibited 



[0279] NcvV; the process for doactivaiiofi of t)asic 
block for ptonibiting ihe use of a program stored in the 
basic blocks 40-1 tc 40-7 or the free basic block 40-F1 
of the U;M 1 2 wili bs- sxpiained with reference to Fig. 32. 
[0230] This procass is earned cu- in the case where 
the r'lotiilc termna - ^ v <. " 

requests the user tc^ proiiibit the use thereor. Or-ce this 
process is carried out, the user is prohibited from using 
the programs stored sn the basic blocks (including the 
free basic biock) involved The description that follows 
deals with !he case n which the i-ser service sen/er 65 
in charge of user services, taking an appropriate meas- 
ure such as when -ne mobile terminal 11 is stolen, re- 
quests the process for deactivating tne basic blocks 
based on the report from the user. 
[0281] Fig. 32 s;-",ows a sequence of the deactivation 
process for the basic bloci^s. 

[0282] First, the user service set%'er 65 sends a basic 
block deactivation request to !he user information stor- 
age -Jnit 61 of the distribution management server 16A 
(step. S231}. 

[02831 The user information storage unit 51 , upon re- 
ceipt of the basic s:ock deactivation request, sends a 
deactivatiGfi inssnictson to the Ulf\/t 12 (step S232) 
[0284] As a resLsU, the UllW 12 deactivates the basic 
blocks m.eeting the basic block deactivation request, 
and gives a basic bioci< deactivation response indicating 
that the use of ihe i^asic blocks has been prohibited 
(step S233). 

(0385) Then, tht user information storage unit 51 
gives a basic block deactivation end notice to the user 
SSI-vice server 65 indicating that the use of the basic 
bloci^s of ifie Ulfv': ".2 has been prohibited (step S234). 
[0266] Further, i^io user information storage unit 51 
gives a user infO!-r:-ation storage unit list to the mobile 
terminal H indicat ng that the use of ttie basic blocks 
(which may include- the free basic block) is prohibited, 
thereby ending th-s process (step S235). 



[2.4] Effects of second emtrodiment 

[0287^ As described ftbove. according to the secono 
embodiment, programs can be aistribuled beyond the 
5 limit of the number of the storage areas of the stora-ge 
module (UIMl, and the operating convenience on the 
part of the user is improved. 

[028S] Also, the cistribution rnanagement seiver can 
easily manage the activation/ deactivation of Ihe pro- 
w grarn distributed, and the distribution and the cicSivatton.' 
deactivation of the program ready for distribution. 

[3] Modifications of embodiments 

rs [3. 1 1 First modification 

[0289] The foregoing description deals with the case 
in which a single distribution management server is in- 
volved. Nevertheless, a plurality of distribution manage- 
txient servers can be provided for distributed processing. 
[0290] in such a case, the programs stored in eacn 
UIM and the information on the storage area of each 
program can be stored in a common database. 

[3 2| Second modification 

[0291] Apart from the foregoing description, dealing 
with the case in which the distribution management 
server is connected dirc5ctly to a line switching nelwork, 
30 the distribution management server can be connected 
to the line switching network through an internet makirg 
up a packet switching network and an internet gateway. 



[3.3] Third modification 

35 

[0292] Although only !he UIM is described above as 
a storage module, tne invention is also applicable to va:^- 
lous IC card memories with equal effect. In this case, 
the storage module cars be arranged at a fixed terminai 
40 as. ijsell as si a mobile terminal. 



1 , A program distribution system compnsing: 

at least a rnobiie terminal having means for 
transmitting a program distribution request: 
a storage module built in or connected to said 
mobile terminal; 

a contents server for receiving said disthbii;ion 
request and transmitting a program to be dis- 
tributed; and 

a distribution management server for receiving 
said program from said contents server and 
only in a case where said contents server i.s an 
authori?ed contents server, fransmitting sa;d 
program received from said contents server to 
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said ijtcrsgs modi;le b-jiit in or connected to 
saldmcsbiistsrrTiinai; 

charsst&riaed in that said storage module in- 
cludes 5 

a storage mlt. and 

a conlrckjf^i; for storing in said storage umtsaid 
program r^-eived from said distribution niatv 
agemert! ssrvsr through said nrioblle terminal jo 
and, In cG;T.pliance with a request, exscutmg 
said prcgram stored in said storage unit, 

2. A program cilstribution systenr: as set forth in claim 

1 . further ccr^prising sn authentication server for '5 
stonng a first encryption key unique to said storage 
module, 

charactef !i;ed In that ssid control unit of said 
storage module decrypts ssid program erscrypied 
by said first sr^sryption key and. only in a case 20 
where decryption is successful, said program ob- 
tained by dec-vpJion is stored in Siiid storage unit. 

said corie-Tts server, upon receipt of said dis- 
t'ibution request, acquires said first oncryption key 
f'om said aut-^sntication server and, using said firs! 
encryption key. encrypts said program tobedistrib- 
Lted, said ccnients sender further encrypting said 
progr'am usi'^ig a second encr>'plion key obtained m 
advance and trf5r;smitt fng it to said distribution man- 
egement sefver, and 30 

saiddistrit-i-iionmanagerrsentserverdecrypts 
said encrypted program received from said con- 
tents server, L'ssngsaidsecorid encPiCpEion kev, gen- 
srales 3 progrsim encrypted only by said first en- 
cryption key and, only in a case where said decryp- .35 
t:on is successful, transmits said program obtained 
by said deeryptfen ta ss^q jjtorags maduie. 

3. .A program distribution system as set forlh in claim 
1, characteFizsc! in that said storage module 
stores a program and data ussd by said programi. 

4. A program dis-ntj^jtion system as set forlti in claim 
' , characterizes! in that said distribution manage- 
ment server inci■K;l^^ a charge processing unit for -(5 
starling a charge process at a time of distributing 

ti? program Ec S3:d storage module. 

5. A program distribution system as set forth in claim 

4, charactftftsed in thai said charge processing $0 
unit charges for reriiai of said storage module 

6. A program d!si:-i;:ution system as set forth in claim 
1 characterised in that said distribution manage- 
ment server inc.iucies a charge processing unit for S5 
starting said charge process at a lime of holding a 
program for sfdo siorage modulo. 



7. A program distnbution system as set forth in claim 
6. characterized in that said charge p.^ocessing 
unit charges for rental of said storage module 

8. A program distribution system as set forth in claim 
1 , characterised in that said distribution manage- 
ment sen/er transmits an activation instruction to 
said storage module at the request of another de- 
vice, and 

said storage module, upon receipt of said ac- 
tivation instruction, is ready to execute said pro- 
gram stored in said storage module and designated 
by said activation instruction. 

9. A program distribution system as set forth in ci&im 
1 , characterized in that said distribution manage- 
ment server transmits a deactivation insEructlon to 
said storage module at a request of another device, 
and 

said storEige module, upon receipt of said da- 
activation instruction, is ready (o execute said pro- 
gram stored in said storage module and designated 
by said activation instruction, 

10. .A program distribution system as set fortn in claim 
1 , characterised in that said distribution manags- 
mant server transmits a deletion instruction to said 
storage module at said request of another device, 
and 

said storage module, upon receipt of said de- 
letion instruction, deletes the prog.'-am designated 
by said deletion instruction from said storage mod- 
uie, 

11. A program distribution system as set forth in ci&im 
1 , sharacterlzed in that said distribiilion manage- 
ment server includes means for managing a state 
of said program in said storage module based on 
information sent to said storage module. 

12. A program distribution system as set forth in cia^rr^ 
1 , charactersxed in thai said distribution manage- 
ment server acquires version mfoimalion for said 
storage moduie and determines vi/hether said pro- 
gram IS to be disti ibuEed or not, based on said ver- 
sion. i,nf,Qnnatio.n,. 

13. A program distiibution system as set forth in claim 
1 , characterized in that said rnobiie terminal in- 
cludes a first communication unit for communica- 
tion utilizing a mobile communication network, srd 
a second communication unit different from ss^d 
first communication unit, and 

said control unit of said storage module ;;v 
eludes means for communication uEilizing said ssc- 
ond communication unit in a<xordance with sad 
program stored in said storage modul-3. 
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14. A progran-i disiribLition syst^^m c;ompns:n;r 



iiig means for trfinsrT-itting 
n request: 

uiH in or confiecte;d to said 



amosiieierminal hav 
a program d;stnbLJtio 
a storage module b 
mobile terminal:, and: 

a conlmunic^il.ion management ser-zer for re- 
ceiving saia distribution request, and in a case- 
where a program to be distributed is provided 
by an 'authsrii'.ed contents sender acquiring 
said pfograrrs and transmitting it to said storage 
modijte buii^ in or connected io said mobile ter- 
min£;j: characterised in that said storage mod- 
ule inciudes 
a storage ufiit, and 

a control un^t tor receiving intorrraiion through 
saia mobile terminal, storing in sakJ storage unit 
said infermatlon only m a case w?H;re said in- 
fcrrnaiion i3 a program received 'rom said dis- 
tribution n-inagement servar, and executing ^< 
said program stored in said storage unit, in 
corr^pliancs with a requesi- 

15. A program di&s;-ibLition system as set fortli tn claim 

14, characterixed in that said distrib^jiion manage- ■? 
msnt server inciJdes .^i real distribution intormation 
storage unit fos- storing pointer data for specifying a 
program sent to said stonace moduls 

16. A program distribution system as set forth in claim 3 

15, characterized in that said storage unit of said 
storage moduie inclLJdes a piuraiity o* basic blocks 
for stonng programs, and said real dSstrbution in- 
formation stor.?-.oe unit of said distribuiior manage- 
nient server includes a piuratity of areas ccrre- 
spending to a plurality of said basic blocks. 

17. A program distribution system as set forth in claim 

16, chsracterSsfid ir, that said distribution manage- 
ment server includes a virtual distribution informa- - 
tion storage unit for storing sad pcintet data for 
specif\-ing a progrann capable of being distnbuted 

to said storage module but not currently stored in 
said storage nioduie, and upon receipt of request 
of distribution, to said storage moduiS: of a progrsm 
specifisd by ssid pointer data stored in said virtual 
diairibi.tlon infc-mialion storage unit, said program 
is distributed to said storage module and, said point- 
er data for specifying said progrann is moved from 
said virtual intonnaiion distribution storage unit -o 
sale ^Gcii distribution information storage unit. 

1S. A program distribution system as set forth in claim 
16. characterised \n that said distribution manage- 
ment ssn/er ir,cludes a program infcrrr;ation storage 
unit for storing selected one of add:-6ss information 
Indicating a location of a program capable of being 
acquired from said contents serve-- and a program 



acquired from said contents server and, upon re- 
ceipt of a request for distribution, to said storage 
n-odule. of a program specified by said pointer d.=-.ia 
s-ored in selected one of said real distribution infor- 
mation storage unit and said virtual storage infor- 
mation storage unit, said program is acquired using 
said program Information storage unit and is distnii- 
uted to said storage module. 

19, A program ciistributton system as set forth in ciaim 
1 7, characterized in that said mobile termrinai in- 
cludes means for transmitting a menu list request; 
and 

said distribution management server; in com- 
pliance witi"; said menu list rsquest. accesses said 
pointer data stored in said real distribution inforrria- 
tlon storage unit and said virtual distribution infor- 
mation storage unit for said storage module built in 
or connected to said rnobile temnnal. generates a 
list of ptograms specified by said pointer data; and 
transmitting said list to said mobile tenmnal. 

20, A program csistribution sysrem as set forth in ciaim 
14 eharact«rized inthat 

said mobile terminal includes a first commu- 
nication unit for communication utilizing a mobile 
comrnunicaiion nervifork; and a second communica- 
tion unit differentfromsaidfifst communication sjrsit: 
and 

J said contro! unit of said storage module in- 

cludes means for communication utili/mg said sec- 
ond comrnunicaiion unit in accordance with a pro- 
gram stored in said storage moduie. 



21, 



A distribution n 
by comprising: 



:nagement server characterized 



means for receiving from a contents server a 
program encrypted by a first encryption key 
unique to a destination of distribution and a sec- 
ond encryption key unique to said contents 
server pemiined to distribute said program: and 
means for decrypting said program received 
from said contents server to a state oncr^/pted 
by said second encryption key thereby to gen- 
erate a program encrypted by only said first en- 
cryption key, said program being distributed to 
said storage module built in or connected to a 
m obits terminal. 



ZZ. A distributee 
by comprisi 



1 management s 



a program information storage unit for storing 
selected one of a program acquired in adv.^nce 
from an authorized contents server anc ad- 
dress intormation thereof; 
a real distribution infomiation storage unit for 
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storing poir.'R;- dsis indicating a storod position, 
in said program information storage unii, of a 
progra'Ti tvhic^s is said program stored in a stor- 
sci'S niodufe buiU in or connected to a mobile 
terminal, or in a case where address informa- 5 
■ion of said program is stored in said program 
information storage unit, a seiected one of said 
program and said fiddress -nformation thereof: 
a virtual distrlbijtion infonnation storage unit for 
storing pcinier dats indicating said stored posi- io 
tion of a prog;-ann in said program information 
storage unit, in a case where a program which 
is said program distributabis to said storage 
module bLst not currently stored in said storage 
TiOdulG, or address infonristion thereof le ?5 
stored in s^sid program information storage unit £S. 
and 

means for acquiring a program specified by 
said pointa-i data sloied in said virtual distribu- 
tion inforiTiation storage unit, utilizing said pro- so 
grain inforrr:atiGn storage uriit in accordance 
with a request from said mobiie termir^al. and 
distrtb'iJting said program to said storage ,mod- 
uio, and rr;ov;nQ said pointc' delta to said real 
distribution informa! ion storage unit, 2S 

23. A contents sers.'!jr comprising: 

means for acquiring an encryption kesy unique 
to a stcrags module from an external aulhenti- 
cation server upori receipt of a program distri- 
bution reqtjest from amobiie tsrriiinal burit in or 
connected to said storage mc-duio 
first encrypt;on means for encrypting a program 27. 
to be distf ibLited, by said first encryplion key; 3S 
second encryplior means for encrypting a pro- 
gram obtained by said first encryplion .means, 
in such a mranner as to be decrypiec by the dis- 
tribution management server for distribution to 
said storage module; and 4o 
means for transmitting said pjogram encr>'pted 
by said firs- and second encr>'ptfon means to 
said distribution management ssn/er. 

24. A storage moduie bulls in or connected to a mobile 4S 
terminal, comprising': 

a storage unit; and 

a control unit for receiving an encrypted pro- 
gram from a specific distribution management so 
se;verthroL.!gh said mobile terminal, decrypting 
said pr-ogram by a private key stored in ad- 
vance, stonrig said program in said storage unit 
oniy in a case where said decrypiion succeeds 
And, in response to a request, executing said 55 
program stored in said storage umt 

25. A storage module as set forth in claim 24, charac- 



terixed in that said storage unit includes a plurality 
of storage blocks for executing a progiarr^. and a 
storage area for storing an activation flag indicating 
whether a program stored in each storage block can 
be executed or not, and 

said control unit writes said activation flag m 
accordance with an instruction received from a dis- 
tribution managsmen! server through said mobile 
temiinaL and in a case where an instruction is given 
to execute a program stored in any one of basic 
blocks through said mobile terminal, said corlro! 
unit determines whether said execution insfruction 
is to be followed or not based on an activation fiag 
corresponding to one of said basic blocks. 

A program dtstribution method characterized iiy 

comprising: 

a step of a mobile terminal iransmilling a pro- 
gram distribution request to a contents server, 
said storage module being buiit in or connected 
to said mobile terminal; 
a step of said contents sender receiving said 
distribution request and transmitting a program 
to be distributed, to a distribution managemont 
server; and 

a step of transmitting said p.i-ogram to said stor- 
age moduie built in or connected to said mobiie 
terminal to which said distribution request is 
transmitted, in acase where said contents serv- 
er transmining said program is an authorised 
contents server. 

A program distribution method comprising: 

a step of a mobile terminal transmitting a pro- 
gram dkstribulion request to a contents ser/sr. 
said storage modujebsing built in or connected 
to said mobile tcrminai: 
a step of said contents server receiving sa'd 
dist;ibution request and acquiring a first en- 
cryption key unique to said storage moauie 
from an authentication server; 
a step of said contents server encrypting a pro- 
gram to be distributed, by said first encryption 
key; 

a step of said contents server encrypting a pro- 
gram ancrypied by said first encryption key, by 
a second encryption key acquirso in advance, 
a step of said conlents server transmitting a 
program encrypted by said first encryption key 
and said second encryption key, to a distribu- 
tion management server; 
a step of said distribution management server 
decrypting said program transmitted from ssid 
contents server, to a stale before said second 
ancr\'ption, and generating a program encrypt- 
ed only by said first encryption key; and 
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a step of s«;d di&thtiution manacjfsmsn! seruc-r 
transniltirig a program encn/ptfsd oniy by said 
first sncryp? ion key. to said storage module buiit 
in or conn&cied to a mobile terminal to which 
saici Qislribi-ison request is iransmitied. 5 

28. A program d^stnbution method comprising: 

A step of a s^obile terminal iransrriitting a pro- 
gram disinbjtion request to a distribution man- ^■ 
agsment server, k storage module bsmg built 
in or connecied to said mobile terminai; 
a step of s%;-i distribution management seiver 
receiving said distribution request, and deter- 
mining whB;iner a program to be distnbuted is ' 
a program provioed by an authonzed contents 
server or noi; and 

acquiring sa;d program and transn-iitting it to 3 
storage modulE; built ir; or connected to said 
mobile 'ctmi^ial in a ca&e where said program ^ 
to be distr bjted i? provided by an authorized 
contents server. 

29. A program distribution method as set forth in ciaim 
28; comprissriQ: 

a step of sad distribution management server 
storing a pfsgram or address infomiation thore- 
oi in storaas mesns in pisce of said storage 
moduie: ar^d ' 
a step oi £a:d distribution management server, 
upon receipt of a prografr. distribution request 
from said mobile terminal, acquiring a request- 
ed program using said storage means and dis- 
tributing It to said storage module 

30. A program for csustng a computer of a CiStribuHon 
management s^irver to execute: 

a process itr receiving from said contents sBr\'- 
er a progr.:^m which has been encrypted by a 
first encryp-ion key unique to a distribution des- 
tination anS s second encryption key unique to 
a contents server authorized to distnbute a pro- 
gram; and 

a process for decrypting a prog i am received 
froiT! said C:jnteniss«rver and thereby restoring 
said program to a state before the encryption 
by said second encryption t^ey. thiereby gener- 
ating a prcg- am, encrypted only by said first en- 
crypiion key and distributing said program to a 
storage rrK.-dulfi buitt in or connected to a mobile 
terminal. 

31. A program for causing a computer of a diistribution 
management server to execute: 

a step 0- receiving a program distribution re- 



quest from a mobile tenr-inal witti a storaj:e 
module buiU therein or connected thereto 
a step of determining v^hether a program tc tie 
distributed is provided by an auttiorii^ed con- 
tents sen/er; and 

a step of acquiring said program to be distrib- 
uted and transmitting it to a storage module 
built in or connected to said mobile terminai in 
a case where said program is provided by an 
authorized contents ser^^er. 



32, A program distribution method as s 
30. characterEZfsd by comprising; 



St forth in clair 



a step of storing a program or the address in- 
formation thereof in storage means in place of 
said storage module; and 
a step of acquiring a requested program using 
said storage means and distributing said pio- 
giam to said storage module, upon receipt a 
program distribution request from said mobile 
terminai; 



33, A programr for causing 
server to execut-e: 



\i computer of a contents 



a prccess for acquiring, upon receipt of a pro- 
gram distribution request from a mobile termi- 
nal with a storage moduie buiif therein or con- 
nected iher-eto, an encryption key uniqi.e to 
said storage modi;le from an externa! authen- 
tication server; 

the first encryption prccess for encrypting a 
program to be distributed, by said first encryp- 
tion key; 

the second encryption process for encrypting a 
program obtained by said first encryption proc- 
ess. In such a manner as to be decrypted by a 
distnbution management server for distribuiing 
a program to said storage module; and 
the process for transmitting a program encr\,;pt- 
ed by said first and second encryption process- 
es to said distribution management ser^rer 

34. A program tor causing the control unit of a storage 
module buiit in or connected to a mobile terminal to 



a process ior receiving an encrypted progr'am 
from a specified distribution management sen," 
er through a mobile terminal; 
a process for decrypting the received prog-am 
by a private key stored in advance, and only in 
a case wnere said decryption is successful, 
storing said program in a storage unit; and 
a process for executing the program stored in 
said storage unit, as required 
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35. A program tor caiisinci a computer of ft (Jislriburion 
management s-sPv/er lo execute. 

a procssE for receiving fron a contents ser\'er 
authorized io distribute a program, s program 5 
encrypted Dy a first encryption key unique to a 
distributee ^;nd a secorid encirypiion key unique 
to said ccRtants server; arid 
a process ;or decrypting said prog; arp received 
fiom said contents server, and .restoring said 'O 
program to a state be'erG said enc-ypiion by 
saidseco;"!d encryption key, tl'iereby genetatlng 
a progr-afT! encrypted oniy by said first encryp- 
tion key ano distributing said p-'ograrn to a stor- 
age mcduia buiit in or connected to a mobiie '-5 
temnina:. 

3S, A program for causing a computer of a distribution 
rnanagernent server lo execute: 

20 

a step of 'cceiving a program distribution re- 
quest fron- a mobile terminal with a storage 
module bi.:ii!. tiiersin or connected tliereto; 
a stop of determining whether a program to be 
distributed :s provided by an aulhori:?ed con- ?s 
tents sen/er or not; and 
a step cf acquiring and transmitting a program 
to be distributed, to a storage modiiie buiit in or 
connected to said mobiie terminal in the case 
where ssid orogram ts provided by an author- so 
ized conieriis server. 

37, A program dis-ributicn method as set forth in claim 
36, characterized by comprising: 

35 

a step of s.'Onng a program or the address in- 
formation ti^sreG! in storage means in place of 
said slorage module; and 
acquirir;g, upon receipt of a program distribu- 
tion recues; from said mobile terminai, the re- -^o 
quested prograrn utilizing said storage means 
and distributing said program to said storage 
module. 

38. A program for causing a computer of a contents -^5 
server to exscsjis: 

a process for acquiring an encryption key 
unique ;o a storage module iauilt in or connect- 
ed to a mob::e terminal from an extsrn«i authen- so 
iication ser^^er, upon receipt o! a program dis- 
tributio!-; recucst from said mobile temiinal: 
a first encryption process for encrypting a pro- 
gram to be distributed, by said first encryption 
key: ss 
a second encryption key for encrypting said 
progriim obtained by said fir.st encr^fption proc- 
ess, in such a manner as to be decrypted by a 



distribution management server for distribLn:no 
a program to said storage module; and 
a process for transmitting to said distribution 
nnanagement server said programt encrypted 
by said first and said second encryption proc- 
esses, 

33. A program for causing said control unit of a stor^jge 
module built in or connected to a mobile termina; to 



a process for receiving an encrypted program 
fromi a specified distribution management serv- 
er through said mobiie terminai; 
a process for decrypting said received program 
by a private key stored, and storing said pro- 
gram in a storage unit only in a case where said 
decryption is successful; and 
a process for executing said program stored m 
said storage unit, as required. 
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